A few days ago, I posted an alert mentioning how Adobe Patch Day was particularly light, and pointing out the one minor Flash Player update. Turns out Adobe had other updates in store for us, they just missed their self-appointed patch day.
Today, Adobe released a Shockwave Player update fixing a single critical Shockwave Player vulnerability. They share almost no technical detail about the flaw, other than it is a memory corruption issue that remote attackers could leverage to execute code on a victim’s computer; presumably by getting them to view or interact with malicious Shockwave content. Though it doesn’t look like attackers are exploiting it in the wild yet, this flaw is quite a bit more severe than the Flash flaws mentioned earlier in the week. Nonetheless, Adobe only assigns them a priority (severity) rating of 2, which means you should update in the next 30 days. I think this is a slightly bigger deal than that, and recommend you update Shockwave as soon as you can. If you are using Adobe’s automatic updater, it should be relatively easy to do so. — Corey Nachreiner, CISSP (@SecAdept
Leave a Reply