Adobe has released a critical update to fix a vulnerability in the Shockwave player (CVE-2015-7649) that could be exploited by threat actors to compromise hundreds of millions of machines. The experts at Fortinet’s Fortiguard Labs have discovered the flaw in the Shockwave player and reported it to Adobe.
Adobe confirmed that more that nearly 450 million users are running the vulnerable platform and urge a manual update through the Adobe website.
The flaw belongs to the category of memory corruption vulnerabilities, it could be triggered to compromise Windows and Mac machines and gain remote code execution.
Adobe says Fortinet reported the hole, which is rated critical.
“Adobe has released a security update for Adobe Shockwave Player. This update addresses a critical vulnerability that could potentially allow an attacker to take control of the affected system.” states the security advisory published by Adobe. “Adobe recommends users of Adobe Shockwave Player 22.214.171.124 and earlier versions update to Adobe Shockwave Player 126.96.36.199 by visiting the Adobe Shockwave Player Download Center. “
According to the Bulletin, every system running the latest version 188.8.131.52 and earlier is vulnerable, the problem affects Windows and Macintosh versions of the Shockwave player.
This is not a good period for Adobe, the critical vulnerability in the Shockwave player has been discovered after the company has released a collection of security updates and an emergency patch for popular Flash software that are actively being exploited in-the-wild.
(Security Affairs – Shockwave player, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.