Adobe Patches Memory Corruption Flaw in Shockwave

  • 27 October 2015
  • 7 replies
  • 1467 views

Userlevel 7
Badge +54
by Michael Mimoso    October 27, 2015 , 1:05 pm
 
                                                



Adobe today updated Shockwave player, patching one privately disclosed memory corruption vulnerability in the software.

Adobe gave the vulnerability, CVE-2015-7649, its highest criticality rating, though there are no known public exploits for this flaw.

The vulnerability, Adobe said, could allow an attacker to remotely execute code and take control over the vulnerable machine.

The flaw affects Windows and Macintosh versions of Shockwave 12.2.0.162 and earlier, and users are urged to update to 12.2.1.171.
 
Full Article

7 replies

Userlevel 7
Badge +56
Thanks Jeff! Today I don't use Shockwave and I don't know the last time I needed it so in most cases just remove it from your PC IMO.
 
Daniel 😉
Userlevel 7
Badge +54
@ wrote:
Thanks Jeff! Today I don't use Shockwave and I don't know the last time I needed it so in most cases just remove it from your PC IMO.
 
Daniel ;)
I have not used it for years either Daniel, I have just not needed it for anything at all.
However this patch is still making headlines with big headlines.
Shockwave player flaw exposes 450 million users at risk of hack
 

 

 
 
 
Userlevel 7
Badge +34
450 million is an awful lot of users - I don't believe that I've ever been one though.
 
I notice from Wiki that it "it bundles a component of Adobe Flash that is more than 15 months behind on security updates, and which can be used to backdoor virtually any computer running it".
 
Hardly surprising that it is a security disaster!
 
Nemo
 
 
Userlevel 7
You would think that by now, Flash would be obsolete.... from US-CERT:
 
Adobe Releases Security Update for Shockwave PlayerOriginal release date: October 27, 2015
 
Adobe has released a security update for Adobe Shockwave Player. Exploitation of this vulnerability could potentially allow an attacker to take control of the affected system. 
 
Users and administrators are encouraged to review Adobe Security Bulletin APSB15-26(link is external) and apply the necessary updates.
 
Source: https://www.us-cert.gov/ncas/current-activity/2015/10/27/Security-update-available-Adobe-Shockwave-Player
Userlevel 3
Badge +15
I have found no use for Shockware either ... but thank for the post. You never know .. someone may be using it.
Userlevel 7
Badge +56
For one's that use Shockwave here is another update:
 
Adobe Shockwave Player 12.2.1.172https://get.adobe.com/shockwave/
 
Daniel 😉
Badge +8
@ wrote:
For one's that use Shockwave here is another update:
 
Adobe Shockwave Player 12.2.1.172https://get.adobe.com/shockwave/
 
Daniel ;)
Thanks Daniel. Some news channels still use it and if I don't have it, I stare at a black screen and then say OH

Reply