Members
  • Total Members: 14197
  • Latest: Levine
Stats
  • Total Posts: 43438
  • Total Topics: 16532
  • Online today: 3056
  • Online ever: 51419
  • (01. January 2010., 10:27:49)
Users Online
Users: 3
Guests: 2875
Total: 2878









Author Topic: Adobe warns of critical bug in Shockwave player which affects Windows and Macs  (Read 2617 times)

0 Members and 2 Guests are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7529
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Adobe warned Thursday of a critical bug in its Shockwave Player that affects both Windows and Macintosh PCs.

The bug, which was publicly disclosed Thursday: http://www.exploit-db.com/exploits/15296/ , "could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in a message on its website: http://blogs.adobe.com/psirt/2010/10/security-advisory-for-adobe-shockwave-player-apsa10-04.html

In its security advisory, Adobe said it considers the issue "critical," and is working on a patch for the flaw: http://www.adobe.com/support/security/advisories/apsa10-04.html
The company isn't saying when that patch will ship, however.

So far, there aren't any reports of attacks that leverage the bug, but this type of public disclosure of a serious bug is often a harbinger of future attacks.

Adobe's Reader software has been a regular target for Web-based attacks over the past year, and while the Shockwave Player is used by about half as many people as Reader, it's probably good enough for many hackers: http://www.adobe.com/products/player_census/shockwaveplayer/

"Hundreds of millions of computers with Internet connectivity have Shockwave installed, so, this will obviously be an attractive target for attackers," security vendor Symantec said Thursday in an e-mailed statement.

If attacks do become a problem, users can disable Shockwave in their Web browsers until a patch becomes available.

The bug was found by Shahin Ramezany, a security researcher who said he released details of the problem to celebrate the fact that he now has 1,000 followers on Twitter. He had earlier promised to release an Adobe 0day when he crossed that threshold: http://twitter.com/#!/abysssec/status/28022786557

(PCW)

Samker's Computer Forum - SCforum.info


qwertysan

  • SCF Member
  • **
  • Posts: 36
  • KARMA: 5
yeah i found the 'crash' thing and update it several time but it never look stable like the old one. and i dont like the way we download it (cannot download offline installer anymore).

Samker's Computer Forum - SCforum.info


 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.codekids.ba:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Kursevi programiranja za ucenike u Sarajevu

Terms of Use | Privacy Policy | Advertising
TinyPortal 2.3.1 © 2005-2023