Adobe patches a critical vulnerability in Shockwave Player

The flaw could enable remote code execution attacks

Adobe Systems released a new security update for Shockwave Player in order to fix a critical vulnerability that could allow attackers to remotely take control of affected systems.

The vulnerability, identified as CVE-2014-0505, is the result of a memory corruption issue and can lead to arbitrary code execution. According to Adobe, the flaw was privately reported to the company and there are no reports of active exploits targeting it in the wild.

Adobe recommends users of Adobe Shockwave Player and earlier versions to update to the newly released version, which is available for Windows and Mac, the company said Thursday in a security advisory.

The Shockwave Player update comes two days after Adobe released security patches for vulnerabilities in its more popular Flash Player product.

Shockwave Player installs a browser plug-in that's needed to display interactive online content created with Adobe's Director software. While it's not as widespread as Flash Player, Shockwave Player is deployed on over 450 million desktop computers according to Adobe, which makes it a potential target for hackers.

Join the newsletter!

Error: Please check your email address.
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags securitypatch managementonline safetypatchesAdobe SystemsExploits / vulnerabilities

More about Adobe SystemsAdobe Systems

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

More videos

Blog Posts