Patch management, Vulnerability management

Adobe patches critical Shockwave flaws allowing remote control of system

Danielle WalkerFebruary 11, 2014

On Tuesday, Adobe released a updated version of its Shockwave Player in order to plug two critical vulnerabilities in the popular plug-in.

According to a security bulletin from the company, the memory corruption bugs (CVE-2014-0500 and CVE-2014-0501) could allow an attacker to gain control of victims' systems via remote code execution (RCE).

The updated player, version 12.0.9.149, is available for Windows and Mac platforms. Liangliang Song, a researcher at Fortinet's FortiGuard Labs, reported the issue to Adobe.

The company gave the update its highest priority ranking of 1, which indicates that a vulnerability is actively being targeted, or has a higher risk of being targeted by exploits in the wild, and should be installed as soon as possible.

Danielle Walker

Shot of a surgeon looking at a monitor in an operating room

Device Security

7 vulnerabilities patched in Axeda IIoT remote management tool, popular in medical sector

Joe UchillMarch 8, 2022

PTC sunset Axeda in 2019, but the industrial IoT remote monitoring and management agent is still in use in several systems. Based on Forescout telemetry, it is particularly popular in active use within the medical sector, particularly lab testing and imaging.

Claroty data finds medical device disclosures are on the rise, which is an important step to improving the sector’s posture. But Unit 42 research finds the majority of infusion pumps have not been patched, impeding that progress. (Photo by Buda Mendes/Getty Images)

Vulnerability management

Medical device disclosures on the rise, but providers struggle to patch known flaws

Jessica DavisMarch 3, 2022

Palo Alto Networks Unit 42 data shows the majority of infusion pumps are operating with known security vulnerabilities. As disclosures increase, the need for faster medical device security remediation follows.

Network outages and service disruptions have become a prevalent fallout from cyberattacks in healthcare. After the Kronos incident, providers must evaluate how to maintain business continuity. (Photo by Cate Gillon/Getty Images)

Ransomware

Ransomware anatomy: Dual cyberattacks on provider call for vulnerability review

Jessica DavisFebruary 28, 2022

Karma and Conti simultaneously hacked into a healthcare network via a known Microsoft Exchange vulnerability, Sophos research shows. The attack shares lessons learned for other providers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

Adobe patches critical Shockwave flaws allowing remote control of system

Related

7 vulnerabilities patched in Axeda IIoT remote management tool, popular in medical sector

Medical device disclosures on the rise, but providers struggle to patch known flaws

Ransomware anatomy: Dual cyberattacks on provider call for vulnerability review

Get daily email updates