News Stay informed about the latest enterprise technology news and product updates.

Adobe warns of critical Shockwave Flash Player zero-day

The vulnerability could be exploited by an attacker to cause a crash and take control of a victim's system.

Adobe Systems Inc. issued an advisory, Thursday, warning about a critical zero-day vulnerability in Shockwave Player that could cause the program to crash and enable an attacker to take complete control of a victim's system.

Adobe said it was not aware of any attacks exploiting the vulnerability, but security experts said Thursday that exploit code targeting the new zero-day has surfaced. The zero-day flaw affects Adobe Shockwave Player and earlier versions running on Windows and Mac OS X.

"We are currently working on determining the schedule for an update to address this vulnerability in Adobe Shockwave Player," Adobe said in its security advisory.

The vulnerability was disclosed by researchers at Abysssec, a security consultancy that does penetration testing, reverse engineering and coding projects. In an advisory, the firm said an attacker could remotely exploit the Shockwave Player memory corruption error. The flaw is in the way the player's plug-in loads Adobe Director video files.

Abyssec said security protections in Windows 7 and Windows Vista would not protect users.

Danish vulnerability clearinghouse Secunia rated the vulnerability "extremely critical." In its advisory, Secunia said the Shockwave Player flaw is due to an array-indexing error.

- Robert Westervelt

Dig Deeper on Productivity apps and messaging security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.