Adobe recently fixed a number of critical vulnerabilities in its Shockwave Player. A total of six critical problems were discovered by the company that could potentially be exploited by hackers to execute malicious code. These vulnerabilities have since been patched, however, thanks to Adobe’s version 18.104.22.1688 of the Shockwave Player software.
Five out of the six flaws that were patched were buffer overflow vulnerabilities with the other vulnerability being an out-of-bounds array bug. Adobe credited the discovery of these vulnerabilities to two individuals: CERT’s Will Dormann and Honggang Ren of Fortinet’s FortiGuard Labs.
Adobe stated in a recent security advisory accompanying the release of the patch, “Adobe recommends users of Adobe Shockwave Player 22.214.171.1247 and earlier versions update to the newest version 126.96.36.1998.” The company also announced that the new version is available for both Windows and Mac users.
Adobe’s Senior Manager of Corporate Communications Wiebke Lips added to the previous statement in an email saying, “Adobe is not aware of any exploits in the wild for any of the issues patched in this release.” Which basically means that the vulnerabilities were there but there was no evidence of anybody using them for malicious intent.
Shockwave Player, which isn’t nearly as popular as Flash Player, is installed on 450 million internet-enabled desktops, according to the company, which could make it an attractive target for hackers. Shockwave Player is required to display online content crated with Adobe’s Director software, like 3D games, product demonstrations, simulations or e-learning courses that are found within internet browsers.
Source: Computer World – Adobe patches six critical flaws in Shockwave Player