RealTime IT News

Critical Adobe Shockwave Vulnerability Gets Fix


Netstat -vat by Sean Michael Kerner (bio)

A command line view of IT


shockwaveplayer_logo.jpg From the "Doesn't everyone use Flash now?" files:

Adobe is advising users of its Shockwave player to update to a new version to protect against a critical remotely exploitable flaw.

The flaw affects Adobe Shockwave Player 11.5.0.596 and earlier versions and according to Adobe's advisory, "... could allow an attacker who successfully exploits this vulnerability to take control of the affected system."

Adobe's new Shockwave Player 11.5.0.600 corrects the issue, though it requires users to uninstall their existing Shockwave player first.

While some might be alarmed by Adobe's disclosure, personally I don't see this flaw as a big issue at all -- though, of course, go and update now!

First of all, the flaw was responsibly disclosed first by way of the Tipping Point Zero Day Initiative (ZDI). The way that works is, ZDI pays the researcher for the flaw and then ZDI keeps the details under wraps until a fix exists.

Next page: Cause for concern?

[Continue reading this blog post at Netstat -vat by Sean Michael Kerner]