Skip to content

Adobe Warns of ‘Very Limited Attacks’ Exploiting ColdFusion Zero-Day “The Secret to Unlocking Your Full Potential: Uncovering the Power Within You!”

Software maker Adobe recently issued an urgent warning about a zero-day vulnerability in its Adobe ColdFusion web app development platform being exploited in-the-wild in “very limited attacks”. The company released patches for a whopping 106 vulnerabilities in a wide range of products, some serious enough to expose both Windows and macOS users to remote code execution attacks.

Adobe’s warning was embedded in a critical-severity level advisory that contains patches for ColdFusion versions 2021 and 2018. The ColdFusion update also features a second critical bug (CVSS 9.8) that could lead to code execution attacks.

The company also fixed a critical-level vulnerability in the popular Adobe Photoshop (Windows and macOS), a separate code execution flaw in the Adobe Creative Cloud desktop application, and 16 new issues in the Adobe Substance 3D Stager.

Adobe’s PSIRT said the patches cover software defects that “could lead to arbitrary code execution, arbitrary file system read and memory leak.” The company described the exploited vulnerability as a critical arbitrary file system read vulnerability with a CVSS base score of 8.6/10.

Adobe’s warning is a reminder of the importance of keeping software up to date and patching all vulnerabilities as soon as possible. To keep users’ systems secure, Adobe recommends that users and administrators update their installations of ColdFusion and other Adobe products as soon as possible.

Key Points:
• Adobe recently issued an urgent warning about a zero-day vulnerability in its Adobe ColdFusion web app development platform.
• The company released patches for a whopping 106 vulnerabilities in a wide range of products.
• The ColdFusion update also features a second critical bug (CVSS 9.8) that could lead to code execution attacks.
• Adobe’s PSIRT said the patches cover software defects that “could lead to arbitrary code execution, arbitrary file system read and memory leak.”
• To keep users’ systems secure, Adobe recommends that users and administrators update their installations of ColdFusion and other Adobe products as soon as possible.

Leave a Reply

Your email address will not be published. Required fields are marked *