Shocker: Adobe patches critical Shockwave remote hijack hole

[LabZero]

Content source

http://www.theregister.co.uk/2015/10/29/shocker_adobe_patches_critical_shockwave_remote_hijack_hole/

Why not just add 'Patch Adobe' to your to-do list. Every day for the forseeable future

Adobe has patched a critical vulnerability in the Shockwave player that could compromise hundreds of millions of machines.

The company brags that some 450 million users run the vulnerable platform and should manually update through the Adobe website.

The memory corruption hole (CVE-2015-7649) allows attackers to compromise Windows and Mac boxes and gain remote code execution.

Adobe says Fortinet reported the hole, which is rated critical.

"This update addresses a critical vulnerability that could potentially allow an attacker to take control of the affected system," says.

Those running the latest version 12.2.0.162 and earlier will need to upgrade to 12.2.1.171.

The new bug comes after Adobe released a monthly batch of security updates and an emergency critical patch for Flash.

Those holes caused remote-code execution, information disclosure, and crashes across most browsers, platforms, and devices. ®

 

[upnorth]

Adobe = Oops!… I Did It Again.

Glad I don't have the Shockwave player.

 

[LabZero]

I don't use Flash Player nor Shockwave but .... thousands of users underestimated the problem for sure!

 

[frogboy]

I do not use shockwave but still am tied to flash for a while yet i guess.

 

[LabZero]

Well, the informed users, or those who have a sense of security, know to update browser/plug-in or avoid using these plug-in if they are not needed.
I wonder how many people know these things and they are up-to-date on these security news.
Security is an "optional".... unfortunately for many people.

 

[frogboy]

I know i am always up-to-date or at least to within a few hours anyway.

 

[hjlbx]

those who have a sense of security

Less than 0.01 % of all users... .....

 

[Kalimirro]

Adobe vulnerabilities are a major security issue for users worldwide, I have 0 adobe products in my PC or laptope.

 

[jamescv7]

Adobe Shockwave usually bundled on those computers (OEM) and sometimes its totally an old version so numbers isn't surprise why vulnerabilities are connected instantly.

 

[soccer97]

Adobe Shockwave usually bundled on those computers (OEM) and sometimes its totally an old version so numbers isn't surprise why vulnerabilities are connected instantly.

I ordered an HP laptop (out of service now) that was probably 2 years behind in Java updates, as well as Shockwave updates. I think one of them still had Macromedia instead of Adobe as their name (Before flash 9).

Point is: Many times users may already be 2 years behind or more in those really critical updates right out of the box. I would imagine that the Christmas surprise or excitement would overpower realizing the versions of software most exploited were unpatched (we are all human).

Maybe one day, less Bloatware will be standard (but the prices won't jump up too high). Throw in a copy of just the Original Clean OS (Windows 7, 8, 10 on an official USB or DVD in the box) and it's near perfect. It would save hours.

 

[jamescv7]

Maybe one day, less Bloatware will be standard (but the prices won't jump up too high).

Indeed but some manufacturers provides enough bundled program yet useful like for HP products compare to Toshiba.

Still a practical to purchase a machine with OS included as you can save more bucks unlike separate one by most majority consumers.