Macromedia announced that it has released a series of patches to fix security flaws in its MX 2004 line of products for Mac OS X. The flaws affected the following products, Macromedia Contribute 2, Macromedia Dreamweaver MX 2004, Macromedia Fireworks MX 2004, Macromedia Flash MX 2004, Macromedia Flash MX Professional 2004 and Macromedia Studio MX 2004. The fixed flaws could be used by malicious users to increase their privileges on a computer where the applications had been installed.
Macromedia warned that Macintosh versions of the product installers and the e-licensing client installed a service whose file permissions allowed “other” users to write to the file. The company added that this might allow one local user to obtain the permissions of another local user, including an administrator, and lead to a “moderate” privilege escalation threat.
According to Macromedia, the flaw only affected applications installed on computers with multiple users. The flaws are not a threat under typical installation of products where the computer is used by a single user who is already considered an administrator, the company stated. The patches are currently available for download.
Macromedia MX 2004 applications include client and server-based development tools for building websites. The software suite contains Flash for graphics and Shockwave for animation and is available for both Windows and Mac OS platforms.
Macromedia has recently released an update for Dreamweaver MX 2004 to enhance the performance and stability of the application. Macromedia said that the update should make the Dreamweaver work as intended by the company.
