Six critical vulnerabilities in Adobe Shockwave patched

Filed Under: Adobe, Featured, Malware, OS X, Vulnerability, Windows

Adobe ShockwaveIf your Windows or Mac computer uses the Adobe Shockwave Player, it's time to update your systems.

Adobe has issued an advisory, warning of a number of security vulnerabilities in its Shockwave media player software, and is urging users to update to Adobe Shockwave Player 11.6.8.638.

According to the firm, the update addresses vulnerabilities that could allow attackers to run malicious code on affected systems. Specifically, it addresses buffer overflow and array out of bounds vulnerabilities that could lead to code execution.

In plain English, unless you are up-to-date with your patches boobytrapped Shockwave content could infect your computer with a Trojan horse or other form of malware.

Adobe recommends that users of Adobe Shockwave Player 11.6.7.637 and earlier update to the new version 11.6.8.638 immediately. It's available from Adobe's website at get.adobe.com/shockwave/.

Note that Adobe Shockwave is a different technology from the more commonly encountered Flash software from the same company.

Many users may not have any requirement for Shockwave. You can check if your computer currently has Shockwave installed by visiting this page on the Adobe website.

, ,

You might like

4 Responses to Six critical vulnerabilities in Adobe Shockwave patched

  1. Andrew Symmons · 725 days ago

    HOW LONG WILL IT TAKE ADOBE TO TELL US THAT THERE IS A PROBLEM WITH THIS NEW VERSION.?

    • jimmyc · 724 days ago

      about as long as it takes for the next zero day expolit

  2. JimboC · 725 days ago

    Thanks for the blog post on this security update.

    Since Adobe released this update along with a security advisory on Tuesday afternoon (UK time), why did it take so long to create this blog post?

    I don’t mean any offense or lack of gratitude when I write this. I simply want to point out that for security articles to provide the notifications and awareness they are supposed to convey, they also need to be timely. Perhaps this blog post could have been created on Wednesday, the 24th of October?

    Thanks.

  3. DeadCaL · 725 days ago

    Can't remember the last time I needed Shockwave in my browser. Is it still used for anything?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.