Adobe patches critical Shockwave flaws allowing remote control of system | SC Media
Patch management

Adobe patches critical Shockwave flaws allowing remote control of system

February 11, 2014

On Tuesday, Adobe released a updated version of its Shockwave Player in order to plug two critical vulnerabilities in the popular plug-in.

According to a security bulletin from the company, the memory corruption bugs (CVE-2014-0500 and CVE-2014-0501) could allow an attacker to gain control of victims' systems via remote code execution (RCE).

The updated player, version 12.0.9.149, is available for Windows and Mac platforms. Liangliang Song, a researcher at Fortinet's FortiGuard Labs, reported the issue to Adobe.

The company gave the update its highest priority ranking of 1, which indicates that a vulnerability is actively being targeted, or has a higher risk of being targeted by exploits in the wild, and should be installed as soon as possible.

prestitial ad