Multimedia web content can be run in any kind of browser that has actually been embedded or set up Adobe Shockwave Player in it as a plug-in. Content that can be run by Adobe Shockwave Player is content developed utilizing Adobe Director, which is then released on the internet. However, unlike Adobe Flash Player, Adobe Shockwave Player is not offered and can not be set up on the Linux or Solaris running system. Since there are reports of an existing exploit for one of the two Flash vulnerabilities, "our recommendation is to include the Flash release in your 'patch urgently' category," Wolfgang Kandek, CTO of vulnerability management firm Qualys, said in a blog post.In the latest version, Shockwave has supported the Windows operating system, both 64-bit, and 32-bit versions.
Shockwave Player is not as widespread as Flash Player, but it is installed on over 450 million desktop computers, according to Adobe, which makes it a potential target for attackers. for Windows, Mac and Android.Īdobe Shockwave Player version 12.0.7.148 for Windows and Mac was released Tuesday to resolve two different memory corruption vulnerabilities - CVE-2013-5333 and CVE-2013-5334 - that could lead to arbitrary code execution. The patches are included in Adobe AIR version 3. The two Flash Player vulnerabilities were also fixed in Adobe AIR, a runtime for rich Internet applications that has Flash support. The Flash Player versions bundled with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will automatically be updated through those browsers' update mechanisms. Tuesday's update, though, moved the Windows and Macintosh versions of Flash Player to version 11.9.900.170, and the Linux version to 11.2.202.332. Some mitigation for this type of exploit exists since Flash 11.6, which introduced a click-to-play feature that requires users to confirm the playback of Flash content embedded in documents when opened in Microsoft Office versions older than Office 2010. If exploited successfully, both vulnerabilities can lead to arbitrary code execution allowing attackers to take control of the affected systems.
A memory corruption flaw tracked as CVE-2013-5332 was also fixed. That CVE (Common Vulnerabilities and Exposures) ID refers to a type confusion vulnerability fixed in the new version of Flash Player. "Adobe is aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists for CVE-2013-5331," the company said in a security advisory. Adobe patched several vulnerabilities in its Flash Player and Shockwave Player on Tuesday, including one for which an exploit is already available.
0 kommentar(er)
