Adobe patches critical bugs in Shockwave Player

Update fixes five critical vulnerabilities in Adobe's Shockwave Player, four of which could allow malicious code to execute

Adobe Systems has issued an update for five vulnerabilities in its Shockwave Player, which is installed on some 450 million PCs.

It classified the update as "critical," its most severe rating. The vulnerabilities affect version 11.5.1.601 as well as earlier ones. The company recommends upgrading to version 11.5.1.602.

[ Discover what's new in business applications with InfoWorld's Technology: Applications newsletter. ]

Four of the problems could allow an attacker to execute malicious code on a computer, while the fifth one could lead to a denial-of-service condition, Adobe said in its advisory.

Shockwave Player is used to display content created by Adobe's Director program, which offers advanced tools for creating interactive content, including Flash. The Director application can be used for creating 3D models, high-quality images and full-screen or long-form digital content and offers greater control over how those elements are displayed. Adobe also issued an update for the Shockwave Player in July.

Vulnerabilities in third-party applications are often targeted by hackers. Vulnerabilities in operating systems such as Windows have become somewhat less prevalent, so hackers have turned to finding problems in applications in order to take control over computers.

Adobe's applications are frequently targeted due to their widespread installation. Programs such as Flash and the Reader and Acrobat applications have been frequently exploited to hack PCs.

Recognizing the problem, Adobe announced in May that it would issue quarterly updates for Reader and Acrobat on the same day that Microsoft releases its patches.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies