Slashdot Mirror

← Back to Stories (view on slashdot.org)

Shockwave Vulnerabilities Affect More Than 450 Million Systems

Posted by timothy on from the drug-resistant-infections dept.

Trinity writes "Researchers from VUPEN have discovered critical vulnerabilities in Adobe Shockwave, a technology installed on over 450 million Internet-enabled desktops. The vulnerabilities could allow remote code execution by tricking a user into visiting a web page using Internet Explorer or even Mozilla Firefox. Version 11.5.1.601 as well as earlier ones are affected. The vendor recommends upgrading to version 11.5.1.602." Especially sobering when you consider Adobe's current push to be essentially required as an intermediary player for anyone who wants to see certain government data.

5 of 130 comments (clear)

  1. Hard to care anymore by belthize · · Score: 5, Interesting

    I find it harder and harder to really give a shit anymore. All of our systems (linux, Windows ,OSX) all have various automatic patching schemes. Once the vendor gets around to fixing their crap (Adobe in this case) we'll ingest the patch and move on.

    Once upon a time I monitored the various security announcement lists but ultimately it didn't matter. Most of this crap has become mission critical so turning it off isn't an option, fixing it yourself is rarely and option so you're left with wait and patch solution.

    I guess it's kind of free'ing. I no longer stress about it and focus on more relevant issues.

  2. Re:Flashblock by mcgrew · · Score: 4, Interesting

    I'm surprised that anybody's surprised that a new Adobe exploit has surfaced, They seem to have surpassed Microsoft in their zeal to get your PC infected; Microsoft seems to hava actually been getting better in the last couple of years. Or Microsoft seems to at least be trying. Adobe doesn't seem to care.

    --
    Free Martian Whores!
  3. Are their FOSS alternatives to Flash and Shockwave by AP31R0N · · Score: 1, Interesting

    1) Are there FOSS alternatives to Flash and/or Shockwave?

    2) Why(not)?

    3) If there was, would it help reduce problems like this?

    Please don't mod me as trolling for asking questions!

    --
    Utilizing the synergization of benchmark e-solutions to pre-workaround action items!
  4. Re:Are their FOSS alternatives to Flash and Shockw by TheDarkener · · Score: 2, Interesting

    2. See above. Nobody cares about Shockwave, though.

    Nay, say I and the (many) school districts who visit shockwave-only educational sites. Not having Shockwave Director available on Linux has cost me clients. Talk about a slap in the face for trying to give schools a break by using good software, because they are too attached to bad software..

    --
    It is pitch black. You are likely to be eaten by a grue.
  5. Anyone else have a problem after updating? by Anonymous Coward · · Score: 1, Interesting

    Rolled this out to a small lab (you know how students are, and where they can go, better safe than...).

    After installation, *all* users are asked to individually install another component when the Shock embed in the open page attempts to play (which as non-admins, they can't do). Since several of our teaching programs Shockwave this presents a real PITA.

    Previously there was no such behavior. Any ideas?