Shockwave Player critical holes closed
Adobe has updated Shockwave Player on Windows and Mac OS X to version 220.127.116.114 after identifying nine critical vulnerabilities. The problems affect Shockwave Player 18.104.22.1683 and all earlier versions on Windows and Mac OS X – Adobe recommend updating to the new release by downloading it from get.adobe.com/shockwave. To identify whether Shockwave Player is installed on a system, users should visit the test page on Adobe's site.
The majority of the problems are in the Shockwave 3D Asset where seven memory corruption vulnerabilities could lead to code execution; these were all reported by Hongnang Ren of FortiGuard Labs. An eighth memory corruption issue and a heap overflow vulnerability, both of which could also lead to code execution, were reported by "instruder" of vulnhunt.com and bring the flaw tally up to nine.
- Security update available for Adobe Shockwave Player, Adobe Security Bulletin.