14 DAY TRIAL // Adobe has released security updates for its Shockwave Player and ColdFusion products in order to address critical vulnerabilities that could be exploited to compromise computers and information.
The new Shockwave Player update fixes a total of 21 security flaws, all of which could lead to arbitrary code execution.
"Adobe recommends users of Adobe Shockwave Player 11.5.9.615 and earlier versions update to Adobe Shockwave Player 11.5.9.620," the company writes in its security bulletin.
The vulnerabilities are located in modules like dirapi.dll, IML32, TextXtra, Shockwave 3D Asset, Font Xtra.x32 and other unspecified components.
Adobe Shockwave Player allows playback of dynamic content created with Adobe Director, which is a more powerful alternative to Flash.
But even though the number of Shockwave Player installations is much lower than Flash Player ones, the software has been targeted in past attacks.
Adobe also released hotfixes for ColdFusion 9.0.1, 9.0, 8.0.1 and 8.0, which address a number of five vulnerabilities on the platform.
These security issues consist of two cross-site scripting weaknesses in the administrator console and the cfform tag, a CRLF injection flaw which allows adding headers, an information disclosure vulnerability and a Session Fixation bug.
The patches for each of the affected ColdFusion versions need to be manually downloaded and installed following instructions provided on the hotfix page.
This has been a busy Patch Tuesday for Adobe, which also released critical security updates for Flash Player, Adobe Reader and Acrobat, some of the most attacked software products on the Internet.
Adobe has made significant efforts to improve its security response procedures and listened to both the advice and criticism coming from the security community.
The latest version of Shockwave Player for Windows can be downloaded here.
The latest version of Shockwave Player for Mac can be downloaded here.