Adobe posts patch for ColdFusion server flaw

Administrators running Adobe ColdFusion are being advised to update their servers following the release of a security patch.

The company said that the update would address a handful privilege elevation in the web application server platform. The update covers both ColdFusion 9 and 10 builds for the Windows, Unix and OS X versions of the platform.

According to Adobe, the four flaws addressed in the patch could potentially allow a remote attacker to circumvent privacy controls on ColdFusion servers. In the most severe cases, an attacker would be able to assume total control over the targeted server.

Due to the nature of the vulnerabilities and because of reports that the flaws are being actively targeted in the wild, Adobe has given the patch its highest priority rating.

Adobe said that the top priority rating is usually reserved for serious flaws which are already or will likely soon be targeted in the wild.

Administrators can obtain the ColdFusion update from Adobe as a direct download. The company noted that ColdFusion 10 systems should have the "mandatory update" package installed before running the fix.

The release is the latest in what has been a busy week for security updates. Earlier this week Oracle issued a massive 86-patch security release, and the discovery of a new zero-day flaw in Java will likely necessitate another patch release in the coming days.