ManageEngine’s own security and patch expert Mike is back at it again with a report on new vulnerabilities in three different Adobe products. According to Mike, there are two vulnerabilities in Flash Player, four in ColdFusion, and two in RoboHelp. Out of these eight vulnerabilities, five are marked as critical.
Although there are no reports of hackers taking advantage of these vulnerabilities yet, theoretically attackers could use these zero-day vulnerabilities to remotely execute code on all major operating systems, including Windows, Mac, and Linux.
With the high number of network breaches that occurred this year, it’s highly recommended to patch zero-day vulnerabilities right away to avoid any remote code execution and data loss.
Patching Adobe vulnerabilities.
Updates for these vulnerabilities are available below:
- Patch the latest Flash Player vulnerabilities by installing the newest Flash Player update, 27.0.0.130.
- Three critical vulnerabilities exist in ColdFusion: an XML parsing vulnerability, an XSS bug that could lead to information disclosure, and a vulnerability that paves the way for remote code execution. The ColdFusion vulnerabilities have been patched in the latest version, specifically updates 5 and 13.
- The remaining two vulnerabilities were reported in the Windows version of Adobe’s help authoring tool, RoboHelp. These vulnerabilities allow attackers to initiate DOM-based XSS attacks to deliver malware. Both vulnerabilities were patched in the latest versions of RoboHelp, RH2017.0.2 and RH12.0.4.460.
From Skype to Foxit, zero-day vulnerabilities are becoming more and more prevalent. In light of these attacks, you can either wait for attackers to exploit new vulnerabilities, or you can follow our security expert’s advice and patch all your endpoints as soon as updates become available. If you’re having trouble updating multiple systems, a patch management tool like Desktop Central can do the trick.