Adobe patches 11 holes in Shockwave Player
Adobe has published a security update for its Shockwave Player to close eleven security holes. One is a hole that was made known a week ago, the ten others were previously unknown. The update is not related to the hole reported yesterday in Flash Player and Reader, which are different products.
A demo exploit is already in circulation for the known Shockwave hole, which opens the Windows calculator when a manipulated web page is visited. However, at present there is no indication that criminals have adapted the exploit to infect Windows PCs with malware. The exploit currently only functions under Windows XP SP3.
Users of Shockwave Player should nonetheless immediately install the update. Version 220.127.116.112 for Windows and Mac OS X is available to download from the company's site. Users can check online to see if Shockwave is installed on their systems by visiting Adobe's Shockwave Player page.