Adobe fixes Shockwave Player security problems

Adobe has addressed six security issues in its Shockwave Player by releasing an update to the service.

Five of the faults are defined as buffer flow vulnerabilities and one as an "array out of bounds vulnerability," all of which affect Shockwave Player 11.6.7.637 and earlier versions on Windows and Macintosh platforms.

According to Adobe, Shockwave Player 11.6.8.638, which was made available yesterday, fixes "vulnerabilities that could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system."

The security weaknesses have been categorised as "critical" and ascribed a priority rating of two.

According to Adobe's definition of priority two, "There are currently no known exploits. Based on previous experience, we do not anticipate exploits are imminent."

It is highly recommended that the update be installed within the next thirty days, as any malicious code could be executed discreetly.

Shockwave Player is claimed to be installed on 450 million desktops worldwide.

Adobe credited CERT's Will Dormann and Honggang Ren of Fortinet's FortiGuard Labs for the discovery of the faults.