Adobe Fixes Critical Shockwave Vulnerability - gHacks Tech News

Adobe Fixes Critical Shockwave Vulnerability

Adobe has issues a security patch for the Adobe Shockwave software program that fixes one vulnerability that has been rated critical by Adobe Software. The vulnerability gives attackers, who can attack systems remotely, control over affected computer systems. The interesting aspect of the issued patch is that Adobe recommends to completely uninstall Adobe Shockwave 11.5.0.596 or earlier on the computer systems before installing the latest version of the software product. The latest version includes a fix so that computers can no longer be attacked with exploits that target this particular vulnerability.

To secure a computer system running Adobe Shockwave a user would therefor have to uninstall Adobe Shockwave, perform a system restart and install the latest version of Shockwave after the reboot.

The Security Bulletin that has been published at the Adobe website gives little information about the vulnerability other than it can be remotely exploited and that it only affects the Microsoft Windows operating system. Users are encouraged to download the latest version of Adobe Shockwave from the program's website.

It should also be noted that this vulnerability targets only Adobe Shockwave and not Adobe Flash. Thanks goes to Dante for sending me the information via email.

Update: The latest version of Adobe Shockwave can be downloaded from the official website. It is always recommended to upgrade Shockwave to the latest version whenever an update is released by Adobe Software.

Maybe you are interested to know the difference between Shockwave Player and Adobe Flash? Shockwave Player includes Adobe Flash, it goes beyond what Flash offers. According to Adobe, the player is used to display destination Web content, interactive multimedia product demos, training, e-merchandising applications ad rich-media multi-user games.





  • We need your help

    Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

    We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.

    If you like our content, and would like to help, please consider making a contribution:

    Comments

    1. paulus said on June 25, 2009 at 10:28 am
      Reply

      I am somewhat confused this because this is relatively old news from tuesday one week ago (2009-06-16)

    2. Martin said on June 25, 2009 at 10:41 am
      Reply

      The release date of the update was June 23, 2009

    3. paulus said on June 25, 2009 at 10:56 am
      Reply

      Again i have to wright that the Adobe Shockwave Player 11.5.0.600 was already released on tuesday one week ago (2009-06-16) and could be that tuesday already be downloaded from the majorgeeks website.
      sea for yourself at http://www.majorgeeks.com/oldnews9.html

      1. Martin said on June 25, 2009 at 11:03 am
        Reply

        Yes but the vulnerability was disclosed (or updated) on June, 23

    4. paulus said on June 25, 2009 at 11:20 am
      Reply

      Ferry strange indeed this because its (no more than) normal when a manufacturer (in this case Adobe) updates his (Adobe) product the manufacturer wil give it (the software) a new release number.

    5. Taomyn said on June 25, 2009 at 11:56 am
      Reply

      This is odd as I always thought just like the flash installer, the shockwave one always uninstalled the previous version first before continuing.

    6. DanTe said on June 25, 2009 at 3:48 pm
      Reply

      Paulus should write to Adobe and ask them. Because Adobe clearly issued their bulletin here http://www.adobe.com/support/security/bulletins/apsb09-08.html on 6/23/09. As to why Adobe wants people to uninstall first before installing the new version: I would hazard a guess that a normal Shockwave uninstall leaves artifacts behind and one needs to do a “custom” uninstall to remove all.

    Leave a Reply