Adobe Systems today released a security bulletin addressing the vulnerabilities in Flash Player, Flex and Cold Fusion. As mentioned in the bulletin, the present version of Adobe Flash Player was vulnerable and could potentially allow the attackers to take control of the affected system.
A security advisory released by the company states, “Adobe is aware of a report that an exploit for CVE-2015-3043 exists in the wild and recommends users update their product installations to the latest versions.”
The company recommends users to update their product installations to the latest versions of software.
|Product Installed||Suggested Update|
|Adobe Flash Player desktop runtime (Win & Mac)||Adobe Flash Player 22.214.171.124|
|Adobe Flash Player Extended Support Release||Adobe Flash Player 126.96.36.1991|
|Adobe Flash Player for Linux||Adobe Flash Player 188.8.131.527|
The company further added in the report that Adobe Flash Player installed with Internet Explorer and Google Chrome will automatically update to version 184.108.40.206 when available.
The latest security report also added the hotfixes for ColdFusion versions 11 and 10, addressing an input validation issue exploited by attackers in cross-site scripting attack. The company suggests that ColdFusion users update their installations and to apply the security configuration settings, using password authentication and configure sandbox security.
These vulnerabilities may lead to a reflected cross-site scripting attack and can also allow the attackers to take control of your system. Users and administrators are encouraged to review the Adobe Security Bulletin and patch these vulnerabilities.