Article

Adobe fixes bevy of critical Shockwave Player vulnerabilities

Robert Westervelt, News Director

Adobe Systems Inc. repaired 20 vulnerabilities in its Shockwave Player in a critical update issued late Tuesday that blocks attackers from remotely exploiting the flaws.

The holes were identified in Adobe Shockwave Player 11.5.7.609 running on Microsoft Windows and Apple Mac OS X. Adobe said it knew of no ongoing attacks against the flaws in the wild. The update repairs more than a dozen memory corruption vulnerabilities and several denial-of-service flaws.

    Requires Free Membership to View

Adobe Shockwave Player is used as a plug-in in hundreds of millions of Web browsers and has been a favorite target of attackers in recent years. In a recent interview, Brad Arkin, senior director of product security and privacy at Adobe, said the company has been increasing its transparency on its software security processes and investing in ways to better protect users from attacks. The majority of users that fall victim to attacks fail to keep the software up to date, he said.

Adobe said some of the flaws corrected in the latest update enable an attacker to execute code remotely, gain access to system files and take control of an affected computer.

"The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system," Adobe said in its Shockwave Player security bulletin. "Adobe categorizes this as a critical update and recommends that users apply the update for their product installations."

Adobe said users should upgrade to Shockwave Player 11.5.8.612. The company credited the finds to a number of researchers, including several anonymous submissions to TippingPoint's Zero Day Initiative and VeriSign's iDefense Labs Vulnerability Contributor Program.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: