released March 1 2019, for CF11/2016/2018, Part 1
This is an urgent announcement to CF users: Adobe has released a security update today, March 1 2019, for CF 11 update 18, CF2016 update 10, and 2018 update 3.
All CF shops are urged to install this update immediately, to implement new protections against a known attack happening in the wild.It’s identified in the associated Adobe Product Security Bulletin, APSB19-14, as a priority 1 critical vulnerability.
I will add that I can vouch personally for the significance of the vulnerability, as I reported it to the Adobe Product Security Incident Response Team (PSIRT), and I proposed the fix which was implemented. (I also know what was done specifically to perpetrate the attack, and the very negative consequences of what happened once the server of a client of mine was attacked. You don’t want this to happen to you.) I plan to share much more tomorrow in a part-2 post. See below.