Adobe closes critical holes in Shockwave
Adobe has updated its Shockwave player to version 184.108.40.2063, closing several critical security holes that allowed attackers to inject malicious code into a victim's system. Two of the holes are contained in the Director's DIRapi library, while another can be found in the TextXtra module. All the holes are memory corruption vulnerabilities and were confidentially reported to Adobe by security researchers. The company is currently keeping the details under wraps.
As the Shockwave player is incorporated as an add-on in many browsers, just visiting a specially crafted web page is enough for a computer to become infected. Versions up to and including 220.127.116.119 for Windows and Mac OS X are affected. Users can find out which version of the Shockwave plug-in they are currently using by visiting Adobe's test page in their browser.