14 DAY TRIAL // Adobe has just announced an important update to Shockwave Player with the release of version 12.2.0.162, which aims to fix two security bugs that allow attackers to execute code on all affected systems.
The two vulnerabilities in question have been labeled as CVE-2015-66880 and CVE-2015-6681 and were reported by Tongbo Luo of Palo Alto Networks.
By using a memory corruption technique, an attacker would have been able to take control of affected systems by executing arbitrary code on the victim's computer.
Adobe said they haven't observed the bugs being exploited in the wild, and that all Shockwave Player versions 12.1.9.160 and earlier are vulnerable. Despite this, due to the vulnerabilities' severity, Adobe has labeled these two bugs as Priority 1.
Because Adobe Shockwave Player has a market share of 41% when compared to Flash's 99%, and only works on Windows, the number of potential victims is much smaller than a vulnerability in Adobe's Flash Player.
If you have the option to choose, we would urge you to use Flash Player whenever possible, and ditch Shockwave altogether.
This opinion is based on the research of security expert Will Dormann, which observed that Shockwave Player itself includes a version of the Flash runtime, which is updated less often than Flash itself.
Download Adobe Shockwave Player 12.2.0.162 as soon as possible to make sure that all bugs on your computer are fixed.