ColdFusion security hotfix also released for reflected XSS and remote read access

Nov 13, 2013 08:19 GMT

The recent release of Flash Player 11.9.900.152 fixes security holes whose exploitation could lead to compromising the targeted system.

The new build eliminates two memory corruption vulnerabilities (CVE-2013-5329 and CVE-2013-5330) that would allow an attacker to execute malicious native code on the targeted machine surreptitiously.

Both security updates are marked as critical and have the highest priority rating (1) on Windows and Mac. This means that administrators are advised to install the latest version in the shortest time possible (around 72 hours).

The company did not provide any information about possible exploitation in the wild of the aforementioned vulnerabilities.

A security hotfix has been released for ColdFusion as well, for versions 10, 9.0.2, 9.0.1, and 9.0 for Windows, Macintosh, and Linux.

The patch addresses a flaw (reflected cross-site scripting – CVE-2013-5326) that could be leveraged by a remotely authenticated user when the CFIDE directory is exposed (in ColdFusion 10 and earlier).

Another security hole plugged by the ColdFusion hotfix would allow unauthorized remote read access.