Adobe fixes 20 vulnerabilities in Shockwave Player

Most of the vulnerabilities could allow an attacker to run rogue code on a computer

Adobe Systems patched 20 security vulnerabilities in its Shockwave Player on Tuesday. Most of the flaws could allow an attacker to run their own code on an affected computer.

The vulnerabilities are in versions of Shockwave Player up to version 11.5.7.609, on both Apple's Mac OS X and Microsoft Windows. The patched version is 11.5.8.612, according to an Adobe advisory.

Eighteen of the problems could lead to code execution, while the remaining two are denial of service issues, one of which could possibly lead to remote code execution.

Shockwave Player is used to display content created by Adobe's Director program, which offers advanced tools for creating interactive content, including Flash. The Director application can be used for creating 3D models, high-quality images and full-screen or long-form digital content and offers greater control over how those elements are displayed.

The problems were discovered by various researchers, and Adobe credited Fortinet and Check Point, as well as anonymous researchers who contributed to TippingPoint's Zero Day Initiative and iDefense's Vulnerability Contributor Program, both of which will pay researchers for vulnerability information if they meet certain conditions.

Adobe says its Shockwave software is installed on more than 450 million desktops. Adobe has stepped up its security program as attackers have focused on trying to find vulnerabilities in its applications due to their wide installation base.

Send news tips and comments to jeremy_kirk@idg.com

Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.

References show all
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: patches, Shockwave Player, exploits and vulnerabilities, applications, Adobe Systems, security, software
Whitepapers
All whitepapers

Queensland Police arrest man for allegedly hacking US gaming developer site

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Sign up now to get free exclusive access to reports, research and invitation only events.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia