Not only does Microsoft enjoy Patch Tuesday, but so does Adobe as the company released security updates for its Flash Player and Shockwave Player products as well as hotfixes for ColdFusion.
The security updates close critical vulnerabilities. Of the hotfixes for ColdFusion, one rated as “Critical,” while the other “important.”
The patches for Flash Player fix security holes that allowed potential attackers to trigger crashes and take control of affected systems. Windows and Mac users should update to version 11.8.800.94. An update to version 18.104.22.1687 is available for Linux. The versions of Flash Player for Google Chrome (11.8.800.97) and for Internet Explorer 10 (11.8.800.94) should update automatically. Recent Android 4.x systems can become current by updating to 22.214.171.124. Older versions of Android such as 3.x and 2.x should update to version 126.96.36.199 of Flash Player.
The security hole in Adobe’s Shockwave also enables attackers to execute malicious code on a system. Windows and Mac OS X users can fix their players by updating to version 188.8.131.52.
Two hotfixed vulnerabilities were in Adobe’s ColdFusion. In ColdFusion 10 for Windows, Mac OS X and Linux, security hole CVE-2013-3350 enables attackers to “invoke public methods on ColdFusion Components using WebSockets.” Security hole CVE-2013-3349 in ColdFusion versions 9.0, 9.0.1 and 9.0.2 that run on JRun could trigger Denial-of-Service (DoS) scenarios. This hole doesn’t affect ColdFusion 10.