Adobe’s Patch Tuesday fixes 10 vulnerabilities in Flash Player and ColdFusion.
Only one security hole has been patched in Flash Player. Version 18.104.22.168 fixes CVE-2018-15967, a privilege escalation issue that can lead to information disclosure.
The vulnerability, reported to Adobe by Microsoft’s Security Response Center, has been rated “important” with a priority rating of 2.
Nine vulnerabilities ended up fixed in ColdFusion, including deserialization holes that can end up leveraged for arbitrary code execution. An unrestricted file upload bug that can lead to code execution has also been classified as critical.
Another critical issue is the use of an unnamed component that has a known vulnerability. The flaw can allow an attacker to overwrite arbitrary files.