Patch/Configuration Management, Vulnerability Management

Adobe patches critical Shockwave flaws allowing remote control of system

On Tuesday, Adobe released a updated version of its Shockwave Player in order to plug two critical vulnerabilities in the popular plug-in.

According to a security bulletin from the company, the memory corruption bugs (CVE-2014-0500 and CVE-2014-0501) could allow an attacker to gain control of victims' systems via remote code execution (RCE).

The updated player, version 12.0.9.149, is available for Windows and Mac platforms. Liangliang Song, a researcher at Fortinet's FortiGuard Labs, reported the issue to Adobe.

The company gave the update its highest priority ranking of 1, which indicates that a vulnerability is actively being targeted, or has a higher risk of being targeted by exploits in the wild, and should be installed as soon as possible.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.