Adobe has released a critical security update that plugs at least a half-dozen security holes in its Shockwave media player software.
Adobe recommends users of Adobe Shockwave Player 184.108.40.2067 and earlier versions update to the newest version 220.127.116.118, available here. Updates are available for Windows and Mac systems. In its advisory on this update, Adobe says it is not aware of any active attacks against these flaws.
Before you try to update Shockwave, you should check to see if your system even has it installed. If you visit this link and see a short animation, it should tell you which version of Shockwave you have installed. If it prompts you to download Shockwave, then you don’t have Shockwave installed and in all likelihood don’t need it. If you update or install Shockwave, be on the lookout for pre-checked “extras”; my test installation of this update tried to foist a 30-day trial of Norton Internet Security.
Note that while Shockwave and Flash Player are both Adobe products, they are two separate things (Flash is far more abundant on the Web). I mention this because Flash Player still shows up as “Shockwave Flash” in Mozilla Firefox’s plugins listing. Incidentally, if you haven’t updated Flash Player to the latest version, you’ll want to take care of that now: The latest Flash Player update, released Oct. 8, fixes at least 25 security holes.