- Image via CrunchBase
Adobe Systems is warning users about a critical bug in Shockwave Player that impacts both Macintosh and Windows computers.
The company issued an advisory about the bug Thursday. According to Adobe, the vulnerability exists in Shockwave Player 11.5.8.612 and earlier, and could be exploited to cause a crash and potentially allow an attacker to hijack a vulnerable system.
At the moment, Adobe said it is now aware of any attacks exploiting the bug, though details of the vulnerability have been disclosed publicly. According to an advisory by Secunia, the vulnerability is caused due to an array-indexing error in the handling of a certain record value in a “rcsL” chunk and can be exploited to use an arbitrary dword in memory as a function pointer via a specially crafted Director file.
Secunia advised Shockwave Player users to avoid untrusted Web sites, while Adobe recommended users ensure their machines are fully patched.
“We are currently working on determining the schedule for an update to address this vulnerability in Adobe Shockwave Player…As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date,” Adobe’s advisory reads.
In part because of their ubiquity, Adobe products have become a major target for attackers in recent years. To improve security, Adobe is introducing sandboxing technology into the next version of Adobe Reader for Windows. The update is scheduled to come in the next few weeks.
Related articles
- Adobe Systems is warning users about a critical bug in Shockwave Player (robbiz1978.blogspot.com)
- Adobe Warns of Shockwave Bug (nytimes.com)
