Adobe has issues a security patch for the Adobe Shockwave software program that fixes one vulnerability that has been rated critical by Adobe Software. The vulnerability gives attackers, who can attack systems remotely, control over affected computer systems. The interesting aspect of the issued patch is that Adobe recommends to completely uninstall Adobe Shockwave 11.5.0.596 or earlier on the computer systems before installing the latest version of the software product. The latest version includes a fix so that computers can no longer be attacked with exploits that target this particular vulnerability.
To secure a computer system running Adobe Shockwave a user would therefor have to uninstall Adobe Shockwave, perform a system restart and install the latest version of Shockwave after the reboot.
The Security Bulletin that has been published at the Adobe website gives little information about the vulnerability other than it can be remotely exploited and that it only affects the Microsoft Windows operating system. Users are encouraged to download the latest version of Adobe Shockwave from the program’s website.
It should also be noted that this vulnerability targets only Adobe Shockwave and not Adobe Flash. Thanks goes to Dante for sending me the information via email.
Update: The latest version of Adobe Shockwave can be downloaded from the official website. It is always recommended to upgrade Shockwave to the latest version whenever an update is released by Adobe Software.
Maybe you are interested to know the difference between Shockwave Player and Adobe Flash? Shockwave Player includes Adobe Flash, it goes beyond what Flash offers. According to Adobe, the player is used to display destination Web content, interactive multimedia product demos, training, e-merchandising applications ad rich-media multi-user games.
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook or Twitter.Related Articles:
Adobe Patch Day Brings Fixes For Flash, Shockwave And Adobe ReaderAdobe Reader 9.3.3 Released, Fixes Critical Security Issues
Adobe Fixes Adobe Download Manager Vulnerability
Critical Adobe Reader And Flash Vulnerabilities Emerge
New Critical 0-day Flash Vulnerability Exploited Via Excel Attachments
I am somewhat confused this because this is relatively old news from tuesday one week ago (2009-06-16)
The release date of the update was June 23, 2009
Again i have to wright that the Adobe Shockwave Player 11.5.0.600 was already released on tuesday one week ago (2009-06-16) and could be that tuesday already be downloaded from the majorgeeks website.
sea for yourself at http://www.majorgeeks.com/oldnews9.html
Yes but the vulnerability was disclosed (or updated) on June, 23
Ferry strange indeed this because its (no more than) normal when a manufacturer (in this case Adobe) updates his (Adobe) product the manufacturer wil give it (the software) a new release number.
This is odd as I always thought just like the flash installer, the shockwave one always uninstalled the previous version first before continuing.
Paulus should write to Adobe and ask them. Because Adobe clearly issued their bulletin here http://www.adobe.com/support/security/bulletins/apsb09-08.html on 6/23/09. As to why Adobe wants people to uninstall first before installing the new version: I would hazard a guess that a normal Shockwave uninstall leaves artifacts behind and one needs to do a “custom” uninstall to remove all.