Adobe Shockwave Player fixes a critical security issue

by Ashwin, October 29, 2015

Adobe has released a new version of one of its web-based players, and before you jump and say Flash, no, it isn’t the one which was updated today.

The plugin which has been updated is Adobe Shockwave Player.

The latest version of the web player is The plugin was found to have a security vulnerability, which has been fixed in the aforementioned version. Typical, huh? Just like Adobe Flash.

Yes, it is indeed a similar one, especially since they are both web players from the same developers. Fortinet, a security firm also known for its antivirus products, discovered a security flaw in the Adobe Shockwave Player plugin through its FortiGuard Labs.

The firm found that there was a rather major bug in the way Adobe Shockwave Player handles memory. The severity of the issue lies in the fact that the bug could be exploited by an attacker to remotely execute code on the affected system. This memory corruption vulnerability was then reported to the plugin maker, who acknowledged the bug and has assigned it the identifier CVE-2015-7649 in its Security Bulletin.

This security issue, as dangerous as it sounds, has been marked as a critical one by Adobe. All versions of Adobe Shockwave Player and earlier for Windows and Macintosh operating systems are said to be vulnerable to the exploit.

The latest version of the plugin has fixed this security flaw, so we advise readers to update their version of the plugin to the newest release as soon as possible. Download Adobe Shockwave Player for Windows and Mac OS X from the official website.

Adobe Shockwave Player doesn’t have as many users as Adobe Flash Player, despite the latter’s declining usage. But the company’s website reports that “Over 450 million Internet-enabled desktops have Adobe Shockwave Player installed.” Assuming that the numbers are recent, that’s really a lot of users, and that puts the vulnerability into a whole new perspective.

It is unclear whether the issue actually affected any users, though the company hasn’t reported any such incidents. So it is likely that Fortinet’s research team beat the attackers to spotting the issue and reported it to the developers before any harm was done.

On a side note, a couple of weeks ago, Adobe patched up its Flash Player plugin to version, which fixed some critical security issues, which we have written about earlier.