Adobe has identified nine “critical” vulnerabilities in Shockwave Player 11.6.3.633 and earlier versions for the Mac and Windows platforms that could allow attackers to run malicious code on the affected systems. The company is advising all users to update to the latest version for their system version, but only the new v11.6.4.634 is protected from the vulnerabilities, which revolve around a memory corruption issue in Shockwave 3D assets.
Adobe’s Flash and Shockwave browser plug-ins suffered numerous security issues over the course of 2011, resulting in frequent patches and updates. The latest version of Shockwave addresses a heap overflow vulnerability as well, but all nine patched vulnerabilities give attackers the ability to execute code on affected machines.
The latest version of Shockwave Player is available here. Users on OS versions too old to run the latest Shockwave are advised to disable the plug-in entirely unless and until Adobe issues a patch for older versions.
