We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Adobe patches six critical vulnerabilities in Shockwave Player

Shockwave Player 11.6.8.638 addresses six arbitrary code execution vulnerabilities

Adobe has fixed six critical vulnerabilities in Shockwave Player that could potentially be exploited by attackers to execute malicious code, via the release of version 11.6.8.638 of the software.

Five of the patched flaws are buffer overflow vulnerabilities and one is an out-of-bounds array bug. Adobe credits Will Dormann of CERT and Honggang Ren of Fortinet's FortiGuard Labs with reporting the issues.

"Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to the newest version 11.6.8.638," the company said in a security advisory accompanying the release on Tuesday. The new version is available for the Windows and Mac platforms.

"Adobe is not aware of any exploits in the wild for any of the issues patched in this release," Wiebke Lips, Adobe's senior manager of corporate communications, said via email.

While not nearly as popular as Flash Player, Shockwave Player is installed on 450 million Internet-enabled desktops, according to Adobe, which might make it an attractive target for attackers. The product is required to display online content created with Adobe's Director software, like 3D games, product demonstrations, simulations or e-learning courses, inside browsers.


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia