Adobe Patches Critical Vulnerabilities in Shockwave

Adobe has announced it will release a patch for its Shockwave Player today to fix what it deems are critical vulnerabilities in the platform.

Adobe joined Microsoft in releasing security patches today, sending out a fix for its Shockwave Player. The patch repairs critical vulnerabilities in the platform that could allow an attacker to remotely takeover an affected system.

According to a post on its Product Security Incident Response Team (PSIRT) blog the vulnerabilities (CVE-2014-0500 and CVE-2014-0501) in question affect all versions of Shockwave on Windows and Macintosh machines. The update will graduate version 12.0.7.148 to version 12.0.7.149.

While Adobe notes that it hasn’t discovered any attacks using the vulnerabilities in the wild, it is still encouraging users to update as soon as possible.

Specific details regarding the vulnerabilities are unclear but Adobe did give a tip of its cap to Liangliang Song, at Fortinet’s FortiGuard Labs for reporting the issue.

It’s the second critical vulnerability Adobe has patched so far this month.

It was just a week ago today that Adobe released an out-of-band patch for its Flash Player software. That update addressed a remote code execution vulnerability that was being executed in the wild that could have opened a user’s computer up to attack. According to Kaspersky Lab researchers Alexander Polyakov and Anton Ivanov the vulnerability stemmed from a password-grabbing Trojan that was taking aim at Chinese organizations.

Suggested articles