Adobe fixes bevy of critical Shockwave Player vulnerabilities

The popular browser component had 20 holes, 18 considered critical, enabling an attacker to execute code remotely, gain access to files and take control of a victim's computer.

Adobe Systems Inc. repaired 20 vulnerabilities in its Shockwave Player in a critical update issued late Tuesday

that blocks attackers from remotely exploiting the flaws.

The holes were identified in Adobe Shockwave Player 11.5.7.609 running on Microsoft Windows and Apple Mac OS X. Adobe said it knew of no ongoing attacks against the flaws in the wild. The update repairs more than a dozen memory corruption vulnerabilities and several denial-of-service flaws.

Adobe Shockwave Player is used as a plug-in in hundreds of millions of Web browsers and has been a favorite target of attackers in recent years. In a recent interview, Brad Arkin, senior director of product security and privacy at Adobe, said the company has been increasing its transparency on its software security processes and investing in ways to better protect users from attacks. The majority of users that fall victim to attacks fail to keep the software up to date, he said.

Adobe said some of the flaws corrected in the latest update enable an attacker to execute code remotely, gain access to system files and take control of an affected computer.

"The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system," Adobe said in its Shockwave Player security bulletin. "Adobe categorizes this as a critical update and recommends that users apply the update for their product installations."

Adobe said users should upgrade to Shockwave Player 11.5.8.612. The company credited the finds to a number of researchers, including several anonymous submissions to TippingPoint's Zero Day Initiative and VeriSign's iDefense Labs Vulnerability Contributor Program.

Dig deeper on Web Application Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close