Adobe releases emergency patches for ColdFusion due to a serious vulnerability
The company urges system administrators to urgently install security updates
- December 25, 2024
- Updated: December 25, 2024 at 8:28 AM
Adobe has released several security updates to address a critical vulnerability in ColdFusion for which proof-of-concept (PoC) exploit code already exists. This vulnerability, identified as CVE-2024-53961, allows attackers to read arbitrary files on compromised servers. It has been confirmed that the security flaw affects the 2023 and 2021 versions of ColdFusion.
In a statement issued on Monday, Adobe noted that the vulnerability has a high risk of being used in real cyber attacks. “Adobe is aware that CVE-2024-53961 has a proof-of-concept code that could lead to arbitrary file system reading,” the company warned. Additionally, it rated the vulnerability with a severity priority “1”, indicating a higher risk of active attacks on specific products and platforms.
The company urges system administrators to install the security updates (ColdFusion 2021 Update 18 and ColdFusion 2023 Update 12) urgently, and recommends doing so within a maximum of 72 hours. It has also suggested applying the security configurations described in the ColdFusion 2021 and 2023 lockdown guides to mitigate potential risks.
Although Adobe has not confirmed whether this vulnerability has been actively exploited, it has indicated that customers should review the updated documentation on serialization filters to protect against unsafe WDDX deserialization attacks. According to the Cybersecurity and Infrastructure Security Agency (CISA) of the United States, this type of vulnerability is especially dangerous, as it can be used to access sensitive data, such as credentials, which in turn could allow unauthorized access to systems.
CISA already alerted in 2023 about several critical vulnerabilities in ColdFusion, forcing U.S. federal agencies to patch servers against attacks. Additionally, it revealed in March of the same year that hackers were exploiting similar flaws in outdated government servers.
Publicist and audiovisual producer in love with social networks. I spend more time thinking about which videogames I will play than playing them.
Author: Pedro Domínguez