Adobe has issued a security update to its Shockwave Player which patches quite a few critical vulnerabilities. Many of the vulnerabilities could have allowed attackers to execute arbitrary code on the target machine.
Adobe Shockwave Player 220.127.116.112 closes 18 critical vulnerabilities. All previous versions of Shockwave are affected by the issues. In total, 20 security holes were plugged with the update.
"Critical vulnerabilities have been identified in Adobe Shockwave Player 18.104.22.1689 and earlier versions on the Windows and Macintosh operating systems,
" Adobe announced
"The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 22.214.171.1249 and earlier versions update to Adobe Shockwave Player 126.96.36.1992,
" the advisory continued.
16 of the issues were memory corruption vulnerabilities all of which could have been exploited to run malicious code. A pointer offset vulnerability and integer overflow vulnerability which would also have enabled attackers to run code was patched.
Adobe credits the discovery of the vulnerabilities to independent researches, groups and security companies. Rodrigo Rubira Branco of Check Point is credited for six critical vulnerabilities. Several researchers, including anonymous ones, used the TippingPoint's Zero Day Initiative to uncover the vulnerabilities.
The Adobe Shockwave Player enables users to run Adobe Director application embedded on web pages. While not as popular as Adobe Flash Player, which is present on almost all of the computers in the world, at least, those with access to an internet connection, Shockwave Player is still one of the most popular apps on the planet with over half of computers, or more than 450 million, having it installed. Adobe Shockwave Player 188.8.131.522
is available for download here