Adobe patched two vulnerabilities for Acrobat/Reader and Flash Player, while the company said fixes for three ColdFusion flaws will release Jan. 15.
Adobe labels the Acrobat and Reader updates as critical on Windows for version 9.5.3; Adobe said there are no active exploits but this is the most likely avenue for attack. The updates patch vulnerabilities that could crash the applications and allow an attacker to remotely control a computer running the vulnerable software.
The updates are for Reader and Acrobat 11.0.0 and earlier versions for Windows and Mac and Reader 9.5.1 and earlier 9.x for Linux.
Adobe also updated Flash Player, addressing vulnerabilities that could crash the player and enable an attacker to control the victim’s computer. The security update is for Flash Player 11.5.502.135 and earlier on Windows and 11.5.502.136 on Macintosh. Linux and Android versions of Flash were ended up patched.
Microsoft also released a complementary update of Flash Player for Internet Explorer 10 for Windows 8, Windows Server 2012 and Windows RT. The update targets Flash libraries within IE 10 as well as the vulnerabilities addressed in the Adobe update.