Adobe has released two advisories today (APSB13-01 & APSB13-02) for Flash and Acrobat/Reader and updated their recent advisory for ColdFusion.

The Flash patch applies to all versions including Windows, Linux, Mac, Android, embedded in Chrome & IE 10, and AIR.  This is a serious bug, since Adobe is admitting that it is a buffer overflow which could be exploited by a malicious or compromised server to gain remote control of the system.  Adobe has identified at least the Windows version of this vulnerability as being exploited in the wild.

The Acrobat/Reader patch addresses a whopping 26 different vulnerabilities for all supported versions on Windows, Linux, and Mac.  Given the popularity of Adobe exploits and the large attack surface that is being revealed with this patch, it is highly advisable that administrators (and users) apply this patch immediately.  Again, Adobe has identified the Windows 9.5 version of this patch as being actively exploited in the wild and indicated that all other versions will likely see exploits within 30 days.

Adobe has not yet offered a patch for the ColdFusion issue, which is also being actively exploited; however, the weakness can be mitigated by configuring a password and restricting access to administration URLs.

Happy patching.

-Ross