Adobe releases emergency updates to fix a critical vulnerability for ColdFusion web app development platform. The bug can lead to arbitrary code execution and has been exploited in the wild. The security issue allows an attacker to bypass restrictions for uploading files. An independent consultant credited for reporting the vulnerability said Adobe released a fix “within days”” The consultant did not share any details about how the hackers managed to carry out the attack
Source: