Adobe security holes are just like No. 73 buses, you don’t have to wait long before another one comes along. Now it seems that Adobe Shockwave Player has a zero-day vulnerability which could potentially allow an attacker control of your computer.
This is unwelcome news to say the least, with millions of computer users having installed Shockwave Player. Of these, the majority will either be totally unaware of the issue and have poor security, or not sure about what to do. It doesn’t help that Adobe is notoriously slow in patching its products.
Adobe has acknowledged the hole affects Shockwave Player 18.104.22.1682 and earlier versions on the Windows and Mac operating systems. This is after a researcher made the exploit code public. The security flaw means a hacker could theoretically take control of your computer, with all the implications that has for loss of personal data and your computer becoming a ‘zombie’ computer, spreading trojans and spam across the net to other computers.
So, if you have Adobe Shockwave Player installed on your computer you need to follow these steps:
1. Make sure you are using the very latest version as out of date versions are even more insecure, remaining unpatched for earlier vulnerabilities.
Of course, if you are a Mac user then you are less vulnerable but its best to be vigilant and never give permission for any process that you are not sure is genuine.
- Adobe Shockwave bitten by code exeuction bug (go.theregister.com)
- Adobe Systems is warning users about a critical bug in Shockwave Player (robbiz1978.blogspot.com)
- Exploit published for unpatched Adobe Shockwave vulnerability (zdnet.com)
- Adobe Warns of Shockwave Bug (nytimes.com)
- Adobe warns of Shockwave bug (macworld.com)
- Critical security holes in Adobe Shockwave (zdnet.com)
- Week 42 in Review – 2010 (infosecevents.net)
- Adobe Warns of Shockwave Bug (pcworld.com)
- Reader, Acrobat Patches Plug 23 Security Holes (krebsonsecurity.com)
- Trusteer Finds Massive Internet Security Hole Remains Unpatched by Users (eon.businesswire.com)
- Adobe Patches Reader, Acrobat Security Holes (pcworld.com)
- Adobe races to patch zero-day vulnerability in Flash Player (sophos.com)
- Adobe Patches Security Holes in RoboHelp, InDesign (pcworld.com)