Adobe Patches Critical Shockwave Bugs

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Adobe finds some serious buffer overflow issues

Adobe has rushed out fixes for Shockwave Player, closing buffer overflow issues that might have let hackers write malware onto victims’ systems.

The security bulletin addresses issues in Adobe Shockwave Player 11.6.7.637 and earlier versions on Windows and Mac.

Adobe said it was dealing with five separate overflow vulnerabilities that could lead to code execution, along with another flaw that could end in the same result.

Shockwave buffer overflow issues

“This update addresses vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system,” the security advisory read.

“Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to Adobe Shockwave Player 11.6.8.638.”

The patching activity of major software vendors has been under plenty of scrutiny of late. Adobe, which despite numerous holes in its kit has a good reputation amongst security pros, was working with Microsoft last month on sorting patches for Flash for Windows 8, over a month ahead of the operating system’s release.

Oracle is under even more pressure. This week, Polish firm Security Essentials said it could fix a Java flaw in 30 minutes, and it has encouraged Oracle to look at patching before its planned update in February.
