Jun 15, 2011 16:57 GMT  ·  By

Adobe has released a security update for Shockwave Player in order to address critical security vulnerabilities that could be exploited to execute malicious code.

A total number of 25 critical vulnerabilities, all of which can lead to arbitrary code execution, have been fixed in the newly released Adobe Shockwave Player 11.6.0.626.

Many of the vulnerabilities were identified in the player's Dirapix.dll component, while IML32.dll was also a source for a significant number of flaws.

Adobe Shockwave Player allows playing dynamic content created with Adobe Director, which is a more powerful alternative to Flash.

However, since the Flash technology has long won the popularity contest, there is little Director content on the Internet.

Despite its lower installation count, there have been cases when Shockwave Player vulnerabilities were targeted in the wild.

"Adobe recommends users of Adobe Shockwave Player 11.5.9.620 and earlier versions update to Adobe Shockwave Player 11.6.0.626," the company advises.

The company has also released critical security updates for Flash Player in order to address an actively exploited vulnerability. Meanwhile, Adobe Reader and Acrobat received patches on Tuesday as part of their quarterly update cycle.

Users should check if Shockwave Player is installed on their computer and if they don't remember using it, it would probably be better to uninstall it in order to remove this attack vector completely.

This should also be done with the Java browser plug-in by users who don't normally access Java content online, as well as other software that has been installed at some point, but is no longer used.

Keeping popular programs like Flash Player and Adobe Reader up to date is critically important for people's online safety. So is running an up-to-date antivirus system capable of scanning web content.

The latest version of Shockwave Player for Windows can be downloaded from here. The latest version of Shockwave Player for Mac can be downloaded from here.