Adobe Shockwave Player Critical Vulnerability Addressed
Adobe, the California-based company that specializes in creating multimedia and creativity software products, has announced that it is aware of a critical security vulnerability in one of it software applications, mainly Adobe Shockwave Player 11.5.0.596 and earlier versions. A person with malicious intent that is successful in remotely exploiting this vulnerability could take control of the targeted machine. An updated version of Adobe Shockwave Player has been released to address the issue, mainly version 11.5.0.600.
Adobe mentioned that it has not detected any exploits in the wild for the time being. Still, it is best to update to Shockwave Player 11.5.0.600 and stay protected. Before you do that you should first uninstall previous Shockwave Player versions you have installed on your machine, reboot, and then perform a fresh installation of Adobe Shockwave Player 11.5.0.600.
Keep in mind that Adobe rated this security vulnerability as critical, the highest rating in the company’s 4-tier rating system (low, moderate, important and critical). A critical vulnerability refers to the fact that it can allow native code to execute without the user realizing his system has been compromised.
Here is what Adobe had to say about this vulnerability: “A critical vulnerability has been identified in Adobe Shockwave Player 11.5.0.596 and earlier versions. This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has provided a solution for the reported vulnerability (CVE-2009-1860). This issue was previously resolved in Shockwave Player 11.0.0.465; the Shockwave Player 11.5.0.600 update resolves a backwards compatibility mode variation of the issue with Shockwave Player 10 content. To resolve this issue, Shockwave Player users on Windows should uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart, and install Shockwave version 11.5.0.600”
Credits for discovering this vulnerability are given to Paul Kurczaba who reported it via TippingPoint’s Zero Day Initiative.
If you would like to get Adobe Shockwave Player, a download location is available here.
Adobe mentioned that it has not detected any exploits in the wild for the time being. Still, it is best to update to Shockwave Player 11.5.0.600 and stay protected. Before you do that you should first uninstall previous Shockwave Player versions you have installed on your machine, reboot, and then perform a fresh installation of Adobe Shockwave Player 11.5.0.600.
Keep in mind that Adobe rated this security vulnerability as critical, the highest rating in the company’s 4-tier rating system (low, moderate, important and critical). A critical vulnerability refers to the fact that it can allow native code to execute without the user realizing his system has been compromised.
Here is what Adobe had to say about this vulnerability: “A critical vulnerability has been identified in Adobe Shockwave Player 11.5.0.596 and earlier versions. This vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected system. Adobe has provided a solution for the reported vulnerability (CVE-2009-1860). This issue was previously resolved in Shockwave Player 11.0.0.465; the Shockwave Player 11.5.0.600 update resolves a backwards compatibility mode variation of the issue with Shockwave Player 10 content. To resolve this issue, Shockwave Player users on Windows should uninstall Shockwave version 11.5.0.596 and earlier on their systems, restart, and install Shockwave version 11.5.0.600”
Credits for discovering this vulnerability are given to Paul Kurczaba who reported it via TippingPoint’s Zero Day Initiative.
If you would like to get Adobe Shockwave Player, a download location is available here.
