Adobe Systems Inc. issued a critical update to its Shockwave Player repairing eight vulnerabilities that could enable attackers to infect machines with data stealing malware.
In an update issued Wednesday, Adobe said the update affects Shockwave Player 220.127.116.112 and earlier versions for Windows and Macintosh. The software maker urged users to uninstall Shockwave Player and reinstall the latest version: Shockwave version 18.104.22.1686.
The updates resolve a buffer overflow vulnerability and multiple integer overflow vulnerabilities that could lead to code execution.
Shockwave Player is one of the most widely distributed pieces of software, with more than 450 million users. Danish vulnerability clearinghouse, Secunia Research gave the Shockwave Player flaws a highly critical rating. The errors can be exploited when malicious code forces the player to render 3D graphics models. The issues were discovered by Secunia researcher Alin Rad Pop.