According to the APSB10-12 security bulletin, 18 of the 21 flaws affected the Shockwave Player, a free software product that lets users view rich-media content on the web.
Here’s the skinny:
Critical vulnerabilities have been identified in Adobe Shockwave Player 18.104.22.1686 and earlier versions for Windows and Macintosh. The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.
This bulletin is rated “critical” and Adobe recommends users of Adobe Shockwave Player 22.214.171.1246 and earlier versions update to Adobe Shockwave Player 126.96.36.1999.
The second bulletin (APSB10-11) is rated “important” and fixes three flaws that could lead to cross-site scripting and information disclosure issues.
These vulnerabilities affect ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX.
Adobe said none of the fixes in this update involve zero-day issues or exploits in the wild.