Modernizing Authentication — What It Takes to Transform Secure Access
has released a series of patches to plug security holes in its flagship Macromedia MX 2004 products.
The San Francisco-based software and platform provider, which also markets products for content building and graphics design, said vulnerabilities were found in products for the Mac OS X platform and could be exploited by malicious users to escalate their privileges.
Affected products include Macromedia Studio MX 2004, Macromedia Flash MX Professional 2004, Macromedia Flash MX 2004, Macromedia Fireworks MX 2004, Macromedia Dreamweaver MX 2004 and Macromedia Contribute 2.
"Macintosh versions of the Macromedia installers and e-licensing client install a service whose file permissions allow "other" users to write to the file," the company warned. "This may allow one local user to obtain the permissions of another local user (including an admin user) and leads to a "moderate" privilege escalation threat.
Macromedia said the flaw only affects products installed on machines with multiple users and does not appear to be a threat under typical installation of products where the computer's only user is already considered the administrator.
The company said the patches to fix the security holes are currently available for download.
The Macromedia MX software suite combines client and server-based development tools for creating Web applications. It combines Flash for graphics and Shockwave for animation and have been integrated into offerings from both Microsoft
and Apple Computer
Separately, Macromedia released an update for Dreamweaver MX 2004 to speed up the operation of the software and to improve performance and stability.
The update promises that Dreamweaver will run up to 50 percent faster on Windows and up to 70 percent faster on the OS X.