Adobe zaps critical Shockwave vulnerabilities

Summary:Adobe joined the Patch Tuesday train today with the release of patches for at least 21 documented security vulnerabilities in the Shockwave and ColdFusion product lines.

Adobe joined the Patch Tuesday train today with the release of patches for at least 21 documented security vulnerabilities in the Shockwave and ColdFusion product lines.

According to the APSB10-12 security bulletin, 18 of the 21 flaws affected the Shockwave Player, a free software product that lets users view rich-media content on the web.

Here's the skinny:

follow Ryan Naraine on twitter

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.6.606 and earlier versions for Windows and Macintosh. The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.

This bulletin is rated "critical" and Adobe recommends users of Adobe Shockwave Player 11.5.6.606 and earlier versions update to Adobe Shockwave Player 11.5.7.609.

The second bulletin (APSB10-11) is rated "important" and fixes three flaws that could lead to cross-site scripting and information disclosure issues.

These vulnerabilities affect ColdFusion 8.0, 8.0.1, 9.0 and earlier versions for Windows, Macintosh and UNIX.

Adobe said none of the fixes in this update involve zero-day issues or exploits in the wild.

Topics: Enterprise Software, Security

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.