July 3, 2009

Potential ColdFusion security issue

Adobe is aware of reports of ColdFusion websites being compromised through a vulnerability in the FCKeditor rich text editor, which is installed with ColdFusion 8. Adobe is working on an update to ColdFusion to resolve the issue, which we expect to make available next week. In the meantime, ColdFusion 8 administrators are advised to mitigate this issue by following the steps below:

1. Disable connectors by setting config.Enabled to false in the editor/filemanager/connectors/cfm/config.cfm file.
2. Remove unused cfm files under the editor/filemanager/connectors/cfm directory of FCKeditor.
3. Inspect FCKeditor directories for content that has already been uploaded. Uploaded files go under the directory specified by the config.UserFilesPath setting in config.cfm.
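
The three checks above can be scripted for a server inventory. The following is an added example, not Adobe's code: it reads config.cfm, reports whether the connector is enabled, lists the cfm files left in the connector directory, and lists files already present under the upload directory. The sample config and directory tree are constructed, and mapping config.UserFilesPath onto the web root is an assumption.

```python
import re
import tempfile
from pathlib import Path

CONNECTOR_DIR = "editor/filemanager/connectors/cfm"  # path named in the advisory

# Constructed sample config.cfm (not copied from a real installation).
SAMPLE_CONFIG = """<cfscript>
    config = structNew();
    // config.enabled = false;
    Config.Enabled = true;
    config.userFilesPath = "/userfiles/";
</cfscript>
"""

def setting(text, name):
    """Last uncommented `config.<name> = value;` (CFML names are case-insensitive)."""
    value = None
    for line in text.splitlines():
        if line.strip().startswith("//"):
            continue  # a commented-out assignment has no effect
        m = re.search(rf"\bconfig\.{name}\s*=\s*(.+?)\s*;", line, re.I)
        if m:
            value = m.group(1).strip("\"'")
    return value

def audit(fck_root, web_root):
    """Report the three things the advisory asks administrators to check."""
    conn = Path(fck_root) / CONNECTOR_DIR
    text = (conn / "config.cfm").read_text(errors="replace")
    enabled = (setting(text, "enabled") or "").lower() in ("true", "yes", "1")
    # Assumption: UserFilesPath is a URL path relative to the web root.
    rel = (setting(text, "userFilesPath") or "").strip("/")
    uploads = Path(web_root) / rel if rel else None
    found = [p for p in uploads.rglob("*") if p.is_file()] if uploads else []
    return {
        "connector_enabled": enabled,                                  # step 1
        "connector_cfm": sorted(p.name for p in conn.glob("*.cfm")),   # step 2
        "uploaded": sorted(p.relative_to(uploads).as_posix() for p in found),  # step 3
    }

def demo():
    """Build a throwaway tree of constructed files and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        conn = root / "fckeditor" / CONNECTOR_DIR
        (root / "userfiles" / "file").mkdir(parents=True)
        conn.mkdir(parents=True)
        (conn / "config.cfm").write_text(SAMPLE_CONFIG)
        (conn / "upload.cfm").write_text("")
        (root / "userfiles" / "file" / "notes.txt").write_text("x")
        return audit(root / "fckeditor", root)
```

On a real server, call audit() with the FCKeditor directory and the site's web root; any file it lists under "uploaded" still needs manual review.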

This posting is provided "AS IS" with no warranties and confers no rights.

June 23, 2009

Security Bulletin - Adobe Shockwave Player

A Security Bulletin has been posted for Shockwave Player. Adobe is not currently aware of any exploits in the wild for this issue.

This posting is provided "AS IS" with no warranties and confers no rights.

June 16, 2009

Adobe Reader for Unix updates available

We released security updates for Adobe Reader 9.1.2 for Unix and Adobe Reader 8.1.6 for Unix today. Our June 9 Security Bulletin APSB09-07 has been updated to reflect the availability of these updates. Adobe is not currently aware of any exploits in the wild for these issues.

This posting is provided “AS IS” with no warranties and confers no rights.

June 9, 2009

Security Bulletin - Adobe Reader and Acrobat

Today we posted a Security Bulletin and provided Adobe Reader and Acrobat patches to our Product Update area. This is the first quarterly security update for Adobe Reader and Acrobat as described in our May 20 blog post, and incorporates the initial output of code hardening efforts. Today’s updates also address externally reported issues, as detailed in our Security Bulletin. Adobe is not currently aware of any exploits in the wild for these issues.

This posting is provided “AS IS” with no warranties and confers no rights.

June 4, 2009

Adobe Security Bulletin Advance Notification

Adobe expects to deliver security updates for Adobe Reader and Acrobat versions 7.x, 8.x, and 9.x for Windows and Macintosh on Tuesday, June 9. This is the first quarterly security update for Adobe Reader and Acrobat as described in our May 20 blog post, and incorporates the initial output of code hardening efforts.

Adobe considers this a critical update and recommends users be prepared to apply the update for their product installations. Details of where to download updates will be posted to Adobe’s Security Bulletins and Advisories support page on June 9.

Details regarding security updates for the UNIX platform will be communicated when available.

This posting is provided “AS IS” with no warranties and confers no rights.