Adobe is working on patching a critical flaw in its application server platform ColdFusion, the company has confirmed.
The company reports that the flaw could lead to unauthorised access to files stored on servers using ColdFusion. Adobe expects to release Windows, Apple and UNIX patches for the flaw by 14 May.
According to an Adobe security advisory, an exploit for the flaw is currently in the wild. Adobe says that it affects ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0. The company reports that Marcin Siedlarz of Symantec Security Response made them aware of the issue.
Until a patch is made for Vulnerability CVE-2013-3336, Adobe recommends users restrict ColdFusion access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/getting started directories.
Adobe also recommends that users read up on ColdFusion lockdown guides to better understand security best practices for the platform.
News of the issue comes following two ColdFusion patches being released early last month. The low-priority patches were said to fix an issue allowing hackers to perform spoofing and elevation of privilege attacks on user accounts.
ColdFusion has been a target for hackers in the past, who began to take aim at the platform as far back as 2009. Security research firm Sans reported that hackers were attacking the platform's development tool in June of that year.
Late last month, McAfee also discovered a zero-day vulnerability in Adobe Reader. McAfee reported that the flaw could be exploited to perform an advanced persistent threat hack.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago