Adobe released a series of updates on Tuesday to address security issues affecting its ColdFusion, LiveCycleDS, and Adobe Premiere Clip products.
First on the list is a hotfix for Adobe ColdFusion that resolves two input validation issues (CVE2015-8052 and CVE-2015-8053) that could be used in reflected cross-site scripting attacks. The hotfix also includes an updated version of BlazeDS that resolves an important server-side request forgery vulnerability (CVE-2015-5255), Adobe said. Versions ColdFusion 11 (Update 6 and earlier) and ColdFusion 10 (update 17 and earlier) are affected.
Next on the list are security updates for Adobe LifeCycle Data Services that include an updated version of BlazeDS that also resolves a server-side request forgery vulnerability. The vulnerability, which was assigned a priority rating of 2, can be resolved with the patch that fixes issue with the parsing of crafted XML documents that could expose affected systems to server side request forgery attacks.
Rounding out the list of patches released by the software firm is an update for Premiere Clip for iOS, which addresses an input validation issue (CVE-2015-8051) in the mobile application that allows iOS users to create and edit videos on their iPhone or iPad. Adobe assigned the vulnerability a priority rating of 3.
While Adobe said that it is not aware of any exploits ‘in the wild’ for the issues, the updates address important vulnerabilities and users should update their software installations to the latest versions.
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- ‘No Evidence’ of Cyberattack Related to FAA Outage, White House Says
- SecurityWeek to Host 2022 ICS Cybersecurity Conference October 24-27 in Atlanta
- Google Completes $5.4 Billion Acquisition of Mandiant
- Cybersecurity Firm ZeroFox Begins Trading on Nasdaq via SPAC Deal
- HUMAN Security and PerimeterX Merge on Mission to Combat Bots
- Last Call: CFP for ICS Cybersecurity Conference Closes July 15th
- Johnson Controls Acquires Tempered Networks to Shield Buildings From Cyberattacks
- Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets
Latest News
- Malicious NPM, PyPI Packages Stealing User Information
- VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities
- 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis
- Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’
- Gem Security Gets $11 Million Seed Investment for Cloud Incident Response Platform
- Ransomware Leads to Nantucket Public Schools Shutdown
- Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing
- Boxx Insurance Raises $14.4 Million in Series B Funding
