Adobe finds some serious buffer overflow issues
Adobe has rushed out some fixes for Shockwave Player, covering up some buffer overflow issues that might have let hackers write malware onto victims’ systems.
The security bulletin addresses issues in Adobe Shockwave Player 220.127.116.117 and earlier versions on Windows and Mac.
Adobe said it was dealing with five separate overflow vulnerabilities that could lead to code execution, along with another flaw that could end in the same result.
Shockwave buffer overflow issues
“This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system,” the security advisory read.
“Adobe recommends users of Adobe Shockwave Player 18.104.22.1687 and earlier versions update to Adobe Shockwave Player 22.214.171.1248.”
The patching activity of major software vendors has been under plenty of scrutiny of late. Adobe, which despite numerous holes in its kit has a good reputation amongst security pros, was working with Microsoft last month on sorting patches for Flash for Windows 8, over a month ahead of the operating system’s release.
Oracle is under even more pressure. This week, Polish firm Security Essentials said it could fix a Java flaw in 30 minutes, and it has encouraged Oracle to look at patching before its planned update in February.
Are you a security expert? Try our quiz!