The Mac Security Blog
Adobe has issued a security update for its Shockwave Player plugin, patching vulnerabilities that “could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.” The update corrects four memory corruption vulnerabilities. The new version is 11.6.3.633, and is available here.
Adobe has released a number of critical updates for web browser plug-ins Flash, Air and Shockwave, for graphics program Photoshop, and for other programs.
The Flash Player update fixes 13 security flaws, some of them critical, bringing the latest version of Flash Player for Mac to 10.3.183.5. Users can download the new version of Flash Player here.
Adobe Air was updated for the same flaws, and the new version is 2.7.1, with downloads available here.
Shockwave Player saw 7 flaws patched, and the new version is 11.6.1.629. Shockwave Player can be downloaded here.
Photoshop CS was updated to fix one vulnerability which affects malicious .gif files. The update can be downloaded here.
It’s worth noting that there’s a bit of a tiff between Google and Adobe regarding the Flash update. A Google engineer said on Twitter that he had sent info to Adobe regarding some 400 vulnerabilities. An Adobe representative later replied via Twitter, but has since removed the tweet. Gregg Keizer on Infoworld has more on this feud. I suspect we’ll hear more about it later today.
Adobe has released a number of security updates for its software, fixing dozens of flaws and vulnerabilities, in their latest quarterly update release.
First out are updates to Adobe Reader and Acrobat. Fixing a baker’s dozen vulnerabilities, these are essential updates, as users may open PDFs found on the web. Mac users can download the latest version of Adobe Reader here, and can get Acrobat here. The vulnerabilities for these programs are considered critical.
Next comes Shockwave Player, whose security update patches two dozen vulnerabilities that Adobe considers to be critical. Mac users can get the latest version of Shockwave Player here.
Finally, the Flash Player update patches just one vulnerability, considered to be critical, and Mac users can get a new version of Flash Player here. Don’t count on that auto-updater doing anything, not every alerting you; we haven’t seen any alerts since it was added a couple of updates ago.
Adobe has released an update to its Shockwave Player, fixing 20 vulnerabilities that the company considers to be critical. “The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.” Users should update to Shockwave Player 11.5.8.612, downloading it from this page.
Adobe has issued a security update for Shockwave Player 11.5.6.606 and earlier, for both Mac and Windows, for a vulnerability which “could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system.” Users who have Shockwave Player installed just update to version 11.5.7.609, which is available here.
Adobe has released an update to Shockwave Player, to correct “vulnerabilities [that] could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system.” Two bugs are fixed: one which is “a buffer overflow vulnerability that could potentially lead to code execution,” and a second which involves “multiple integer overflow vulnerabilities that could potentially lead to code execution.”
The updated version of Shockwave is 11.5.6.606, and you can get the update here.