Adobe released a series of updates on Tuesday to address security issues affecting its ColdFusion, LiveCycleDS, and Adobe Premiere Clip products.
First on the list is a hotfix for Adobe ColdFusion that resolves two input validation issues (CVE2015-8052 and CVE-2015-8053) that could be used in reflected cross-site scripting attacks. The hotfix also includes an updated version of BlazeDS that resolves an important server-side request forgery vulnerability (CVE-2015-5255), Adobe said. Versions ColdFusion 11 (Update 6 and earlier) and ColdFusion 10 (update 17 and earlier) are affected.
Next on the list are security updates for Adobe LifeCycle Data Services that include an updated version of BlazeDS that also resolves a server-side request forgery vulnerability. The vulnerability, which was assigned a priority rating of 2, can be resolved with the patch that fixes issue with the parsing of crafted XML documents that could expose affected systems to server side request forgery attacks.
Rounding out the list of patches released by the software firm is an update for Premiere Clip for iOS, which addresses an input validation issue (CVE-2015-8051) in the mobile application that allows iOS users to create and edit videos on their iPhone or iPad. Adobe assigned the vulnerability a priority rating of 3.
While Adobe said that it is not aware of any exploits ‘in the wild’ for the issues, the updates address important vulnerabilities and users should update their software installations to the latest versions.