Adobe releases out-of-band security patches – amazingly not for Flash
ColdFusion, LiveCycle and Premiere get fixed
Today, Adobe released important patches for some of its other products – people still using Flash can stand down, however.
Web app development kit ColdFusion has a couple of patches for versions 10 and 11 for holes that could be exploited to pull off cross-site scripting attacks. Meanwhile, BlazeDS server-side software has been updated to kill off a request forgery vulnerability.
There's a single patch for Adobe's LiveCycle Data Services versions 3.0 to 4.7 to fix flaws in the PC, Mac, and Linux software. This also updates the bundled BlazeDS software to fix the above server-side flaw.
Apple users using Adobe Premiere Clip version 1.1.1 will also need to apply a patch. There's a flaw in the way the mobile application handles input validation issues that needs to be fixed, but the patch is only labeled important, rather than critical.
Adobe says that it hasn't seen any evidence that these flaws are being exploited in the wild, but that users should patch anyway, just to be on the safe side – certainly before hackers reverse-engineer the updates and start abusing the bugs. ®