
It’s Patch Tuesday week!

Adobe has just released its June 2019 software updates to address a total of 11 security vulnerabilities in three of its widely used products: Adobe ColdFusion, Flash Player, and Adobe Campaign.

Of these, three vulnerabilities affect Adobe ColdFusion, a commercial rapid web application development platform. All three are critical in severity and could lead to arbitrary code execution.

Brief information about each of the newly patched ColdFusion flaws:

  • CVE-2019-7838 — This vulnerability has been categorised as “File extension blacklist bypass” and can be exploited if the file uploads directory is web accessible.
  • CVE-2019-7839 — There’s a command injection vulnerability in ColdFusion 2016 and 2018 editions, but it does not impact ColdFusion version 11.
  • CVE-2019-7840 — This flaw originates from the deserialisation of untrusted data and also leads to arbitrary code execution on the system.

Besides ColdFusion, Adobe has patched just one vulnerability (CVE-2019-7845) in the infamous Flash Player software this month, which is also critical in severity and leads to arbitrary code execution on the affected Windows, macOS, Linux or Chrome OS-based system.

This flaw was reported to Adobe by an anonymous cybersecurity researcher and can now be patched by installing the latest Flash Player version.
