Adobe repairs 20 Shockwave Player vulnerabilities

By Robert Westervelt, News Director, SearchSecurity | Aug 30, 2010

Adobe Systems Inc. repaired 20 vulnerabilities in its Shockwave Player in a critical update issued late Tuesday that blocks attackers from remotely exploiting the flaws.

The holes were identified in Adobe Shockwave Player 11.5.7.609 running on Microsoft Windows and Apple Mac OS X. Adobe said it knew of no ongoing attacks against the flaws in the wild. The update repairs more than a dozen memory corruption vulnerabilities and several denial-of-service flaws.

Adobe Shockwave Player is used as a plug-in in hundreds of millions of Web browsers and has been a favorite target of attackers in recent years. In a recent interview, Brad Arkin, senior director of product security and privacy at Adobe, said the company has been increasing its transparency on its software security processes and investing in ways to better protect users from attacks. The majority of users who fall victim to attacks fail to keep the software up to date, he said.

Adobe said some of the flaws corrected in the latest update enable an attacker to execute code remotely, gain access to system files and take control of an affected computer.

"The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system," Adobe said in its Shockwave Player security bulletin. "Adobe categorizes this as a critical update and recommends that users apply the update for their product installations."

Adobe said users should upgrade to Shockwave Player 11.5.8.612. The company credited the finds to a number of researchers, including several anonymous submissions to TippingPoint's Zero Day Initiative and VeriSign's iDefense Labs Vulnerability Contributor Program.

This article originally appeared on SearchSecurity
