We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Adobe fixes critical Shockwave security hole

Patch for remotely exploitable bug now available

Adobe has released a patch for its Shockwave Player to fix a critical vulnerability, the company wrote on its security blog.

Adobe didn't provide many details on the vulnerability but wrote that it is remotely exploitable, meaning a hacker could use it to infect a computer with malicious software over the internet.

Shockwave Player is used to display content created by Adobe's Director program, which offers advanced tools for creating interactive content, including Flash. The Director application can be used for creating 3D models, high-quality images and full-screen or long-form digital content and offers greater control over how those elements are displayed.

The vulnerability affects Shockwave Player version 11.5.0.596 and earlier. Users should uninstall the old version and install version 11.5.0.600, which is available for download.

Shockwave Player is installed on 450 million desktops, according to Adobe.

The company was tipped off to the vulnerability by security vendor TippingPoint Technologies' Zero Day Initiative, which pays security researchers for vulnerability information that is responsibly disclosed.

In May, Adobe announced it was undertaking a thorough review of legacy code in products such as Acrobat and Reader after hackers have taken advantage of dangerous vulnerabilities. The company also introduced a regular patching routine, saying it would release patches every three months on the second Tuesday of the month, the same day that Microsoft releases its own fixes.

The patch for Shockwave Player, however, deviates from the schedule. Adobe last released patches on June 9 and isn't due for a release until September. Adobe offered no explanation on its blog post. However, it may be taking a cue from Microsoft, which will push out emergency patches off schedule for particular dangerous problems.

See more:

PC security advice


IDG UK Sites

Very best Black Friday 2014 tech deals UK: Latest bargains on phones, tablets, laptops and more...

IDG UK Sites

Tech trends 2015: 3D printing grows up

IDG UK Sites

Will I be affected by VAT MOSS? Here are the facts for designers and artists

IDG UK Sites

Black Friday 2014 UK: Apple deals, Amazon deals & Black Friday tech offers