Adobe fixes critical holes in Shockwave
While all the world is still talking about holes in Internet Explorer and Flash, Adobe has casually closed two critical security holes in Shockwave that allow attackers to inject and execute code. Both Windows and Mac OS X versions of Shockwave up to and including 18.104.22.1682 are affected.
The flaws were apparently discovered by security experts at Secunia, who rate the problem as "highly critical". The recommended update procedure involves uninstalling the old version, rebooting the computer and then installing the new version 22.214.171.1246. Adobe did not, however, give any reasons why the process is so involved.
It seems that, this time, the vendor has responded exceedingly fast: According to Secunia, the problem was only reported to Adobe on the 12th of January. The regular quarterly patch day Adobe introduced last summer only relates to Adobe Reader and Acrobat.
- Security update available for Shockwave Player, security advisory from Adobe.
- Adobe patches critical vulnerabilities in Shockwave Player, a report from The H.