14 DAY TRIAL // Some serious vulnerabilities that could have allowed an attacker to launch a cross-site scripting (XSS) attack on Adobe’s ColdFusion customers were patched up with the latest hotfix.
Shawn Gorrell and Howard Fore of the Federal Reserve Bank of Atlanta, and Oren Hafif from Hacktics ASC, Ernst & Young were the ones to report the issues found in the web development platform.
Since the flaws affect all operating systems, Adobe ColdFusion users who rely on the 9.01 and prior variants are advised to immediately apply the patch to make sure their protected against malicious operations coming from the Internet.
Note that there are two updates, one for those who applied the previously released hotfix and one for the users who haven’t done so.
While it’s a good thing that Adobe is patching up their products, there’s still no word on the much-awaited fixes for Acrobat and Reader, which have been discovered to have some serious holes.