Shockwave player flaw exposes 450 million users at risk of hack

Pierluigi Paganini October 29, 2015

Adobe has released a critical update to fix a flaw in the Shockwave player that could be exploited to compromise hundreds of millions of machines.

Adobe has released a critical update to fix a vulnerability in the Shockwave player (CVE-2015-7649) that could be exploited by threat actors to compromise hundreds of millions of machines. The experts at Fortinet’s Fortiguard Labs have discovered the flaw in the Shockwave player and reported it to Adobe.

Adobe confirmed that more that nearly 450 million users are running the vulnerable platform and urge a manual update through the Adobe website.

adobe shockwave flaw

The flaw belongs to the category of memory corruption vulnerabilities, it could be triggered to compromise Windows and Mac machines and gain remote code execution.

Adobe says Fortinet reported the hole, which is rated critical.

“Adobe has released a security update for Adobe Shockwave Player. This update addresses a critical vulnerability that could potentially allow an attacker to take control of the affected system.states the security advisory published by Adobe. “Adobe recommends users of Adobe Shockwave Player 12.2.0.162 and earlier versions update to Adobe Shockwave Player 12.2.1.171 by visiting the Adobe Shockwave Player Download Center. “

According to the Bulletin, every system running the latest version 12.2.0.162 and earlier is vulnerable, the problem affects Windows and Macintosh versions of the Shockwave player.

This is not a good period for Adobe, the critical vulnerability in the Shockwave player has been discovered after the company has released a collection of security updates and an emergency patch for popular Flash software that are actively being exploited in-the-wild.

Pierluigi Paganini

(Security Affairs – Shockwave player, hacking)



you might also like

leave a comment