Adobe is working on patching a critical flaw in its application server platform ColdFusion, the company has confirmed.
The company reports that the flaw could lead to unauthorised access to files stored on servers using ColdFusion. Adobe expects to release Windows, Apple and UNIX patches for the flaw by 14 May.
According to an Adobe security advisory, an exploit for the flaw is currently in the wild. Adobe says that it affects ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0. The company reports that Marcin Siedlarz of Symantec Security Response made it aware of the issue.
Until a patch is available for the vulnerability, CVE-2013-3336, Adobe recommends that users restrict access to the CFIDE/administrator, CFIDE/adminapi and CFIDE/gettingstarted directories.
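A log audit for the interim mitigation above, as an added example that is not part of the original article or Adobe's advisory: it lists requests to the three directories that came from outside an allow-list, with the response status showing whether the restriction held. The allow-listed networks, the Common Log Format input and the sample lines are constructed assumptions.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

# Directories named in the mitigation, lower-cased for case-insensitive matching.
RESTRICTED = ("/cfide/administrator", "/cfide/adminapi", "/cfide/gettingstarted")
# Assumption: administrators only connect from these networks.
ALLOWED_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]
# Common Log Format: client ident user [time] "METHOD path proto" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def normalise(raw_path):
    """Drop the query, decode %xx, collapse slashes and dot segments, lower-case."""
    path = unquote(raw_path.split("?", 1)[0])
    path = re.sub(r"[/\\]+", "/", path)
    return posixpath.normpath(path).lower()

def is_restricted(raw_path):
    p = normalise(raw_path)
    return any(p == d or p.startswith(d + "/") for d in RESTRICTED)

def is_allowed(client):
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # hostname or junk in the client field: treat as external
    return any(addr in net for net in ALLOWED_NETS)

def audit(lines):
    """Return (client, path, status) for external requests to restricted paths."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if m and not is_allowed(m.group(1)) and is_restricted(m.group(2)):
            findings.append((m.group(1), m.group(2), int(m.group(3))))
    return findings

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '10.1.2.3 - - [10/May/2013:09:00:01 +0000] "GET /CFIDE/administrator/index.cfm HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/May/2013:09:02:14 +0000] "GET /cfide/AdminAPI/ HTTP/1.1" 200 312',
    '198.51.100.20 - - [10/May/2013:09:03:40 +0000] "GET /CFIDE/%61dministrator/index.cfm HTTP/1.1" 403 199',
    '203.0.113.7 - - [10/May/2013:09:04:02 +0000] "GET /index.cfm?id=4 HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for client, path, status in audit(SAMPLE):
        print("REACHED" if status < 400 else "DENIED", status, client, path)
```

Any line reported as REACHED means the directory was served to an address outside the allow-list, so the web server restriction is not in effect for that path.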
Adobe also recommends that users read up on ColdFusion lockdown guides to better understand security best practices for the platform.
News of the issue follows the release of two ColdFusion patches early last month. The low-priority patches were said to fix an issue allowing hackers to perform spoofing and elevation of privilege attacks on user accounts.
ColdFusion has been a target for hackers before: they began to take aim at the platform as far back as 2009. Security research firm SANS reported that hackers were attacking the platform's development tool in June of that year.
Late last month, McAfee also discovered a zero-day vulnerability in Adobe Reader. McAfee reported that the flaw could be exploited in an advanced persistent threat attack.