On Tuesday, Adobe released a updated version of its Shockwave Player in order to plug two critical vulnerabilities in the popular plug-in.
According to a security bulletin from the company, the memory corruption bugs (CVE-2014-0500 and CVE-2014-0501) could allow an attacker to gain control of victims' systems via remote code execution (RCE).
The updated player, version 18.104.22.168, is available for Windows and Mac platforms. Liangliang Song, a researcher at Fortinet's FortiGuard Labs, reported the issue to Adobe.
The company gave the update its highest priority ranking of 1, which indicates that a vulnerability is actively being targeted, or has a higher risk of being targeted by exploits in the wild, and should be installed as soon as possible.