Advertisement
<a href="http://krebsonsecurity.com/updates-for-adobe-flash-shockwave-air/?administer_redirect_13=http://abaca.com/free_trial.html"><img src="/a-ab/missing.gif" /></a>
  • About the Author
  • About this Blog

    • Posts Tagged: shockwave

    Time to Patch14 Comments
    10
    Aug 11

    Updates for Adobe Flash, Shockwave, AIR

    Adobe has shipped patches to fix a slew of critical security flaws in its products, including Flash, Shockwave Player and Adobe AIR.

    The Flash update corrects at least 13 critical vulnerabilities present in versions 10.3.181.36 and earlier for Windows, Mac, Linux and Solaris machines (the bugs exist in Flash versions 10.3.185.25 and earlier for Android devices). Windows, Mac, Linux and Solaris users should upgrade to version 10.3.183.5, and Android users should update to v. 10.3.186.2.

    To find out which version of Flash you have, visit this page. Windows users who browse the Web with anything other than Internet Explorer will need to apply the Flash update twice, once using IE and again with the other browser (Google Chrome users should already have the latest version of Flash). To avoid using Adobe’s annoying Download Manager, IE users can grab the latest update directly from this link; the direct link for non-IE browsers is here.

    Continue reading →

    Security Tools41 Comments
    30
    Mar 11

    Test Your Browser’s Patch Status

    With new security updates from vendors like Adobe, Apple and Java coming out on a near-monthly basis, keeping your Web browser patched against the latest threats can be an arduous, worrisome chore. But a new browser plug-in from security firm Qualys makes it quick and painless to identify and patch outdated browser components.

    Qualys Browser Check plug-inThe Qualys BrowserCheck plug-in works across multiple browsers — including Internet Explorer, Firefox, Chrome and Opera, on multiple operating systems. Install the plug-in, restart the browser, click the blue “Scan Now” button, and the results should let you know if there are any security or stability updates available for your installed plug-ins (a list of the plug-ins and add-ons that this program can check is available here). Clicking the blue “Fix It” button next to each action item listed fetches the appropriate installer from the vendor’s site and prompts you to download and install it. Re-scan as needed until the browser plug-ins are up to date.

    Secunia has long had a very similar capability built into its free Personal Software Inspector program, but I realize not everyone wants to install a new program + Windows service to stay abreast of the latest patches (Secunia also offers a Web-based scan, but it requires Java, a plug-in that I have urged users to ditch if possible). The nice thing about Qualys’ plug-in approach is that it works not only on Windows, but also on Mac and Linux machines. On Windows 64-bit systems, only the 32-bit version of Internet Explorer is supported, and the plug-in thankfully nudges IE6 and IE7 users to upgrade to at least IE8.

    Having the latest browser updates in one, easy-to-manage page is nice, but remember that the installers you download may by default come with additional programs bundled by the various plug-in makers. For example, when I updated Adobe’s Shockwave player on my test machine, the option to install  Registry Mechanic was pre-checked. The same thing happened when I went to update my Foxit Reader plug-in, which wanted to set Ask.com as my default search provider, set ask.com as my home page, and have the Foxit toolbar added.

    Latest Warnings / Time to Patch35 Comments
    8
    Mar 11

    Patch Tuesday, Etc.

    Microsoft has issued security updates to fix at least four security holes in its Windows operating system and other software. Not exactly a fat Patch Tuesday from Microsoft, but depending on how agile you are in updating third-party applications like Flash, iTunes and Shockwave, you may have some additional patching to do.

    One of the updates from Microsoft earned a “critical” rating, meaning Redmond believes it could be exploited to break into vulnerable systems with little to no help from users. That flaw, a bug in the way Windows Media Player and Media Center process certain types of media files, could be leveraged by convincing a user to open a tainted video file. This flaw affects Windows XP, Vista and Windows 7.

    Continue reading →

    Time to Patch9 Comments
    25
    Aug 10

    Adobe, Apple Issue Security Updates

    Both Adobe and Apple have released security updates or alerts in the past 24 hours. Adobe pushed out a critical patch that fixes at least 20 vulnerabilities in its Shockwave Player, while Apple issued updates to correct 13 flaws in Mac OS X systems.

    The Adobe patch applies to Shockwave Player 11.5.7.609 and earlier on Windows and Mac operating systems. Adobe recommends that users upgrade to Shockwave Player 11.5.8.612, available at this link. But before you do that, you might want to visit this link, which will tell you whether or not you need to update, and indeed whether you currently have Shockwave installed at all. If you visit it and don’t see an animation, then you don’t have Shockwave (and probably aren’t missing it either).

    One other note about Shockwave: Firefox users may notice a “Shockwave Flash” entry when they click “Tools,” “Add-0ns,” and then the “Plugins” tab. For reasons that are too complicated to explain in one breath, this is actually Adobe’s name for its regular Flash player, which most people probably do want installed because can be difficult to browse and use the Internet without it.  By the way, if you haven’t updated your Flash Player in a while, Adobe issued a new version of that software on Aug 10 that plugged a half dozen security holes.

    Apple’s update affects Mac OS X Server 10.5, Mac OS X 10.5.8 , Mac OS X Server 10.6 , Mac OS X 10.6.4 and is available via Software Update or from Apple Downloads.

    Latest Warnings / Time to Patch22 Comments
    12
    May 10

    Microsoft, Adobe Push Critical Security Updates

    Microsoft Corp. and Adobe Systems each released security updates on Tuesday. Microsoft issued two “critical” patches that address one security flaw apiece, while Adobe’s patches fix a whole mess of serious vulnerabilities in its software.

    One of the critical updates pushed by Microsoft fixes a flaw in Outlook Express, Windows Mail and Windows Live Mail. On older versions of Windows (Windows XP for example) Outlook Express is installed by default, while Windows Mail and Windows Live Mail generally require users to affirmatively download and install the program.

    The other MS patch addresses a vulnerability in Microsoft Office, but the problem may turn out to be more complex down the road for some users. The trouble is that the vulnerable component, Microsoft Visual Basic for Applications is used not only by Microsoft Office products, but it’s also a component that is potentially installed by many third-party software apps built to work with Windows.

    Continue reading →

    Time to Patch27 Comments
    23
    Jan 10

    Adobe Ships Critical Shockwave Update

    Last week, Adobe Systems Inc. shipped critical security updates for its PDF Reader software. Now comes an update that fixes at least two critical flaws in Adobe’s Shockwave Player, a commonly installed multimedia player.

    Not sure whether you even have Shockwave Player on your system? You’re not alone. Because of a long history of rebranding between Macromedia and Adobe, the various naming conventions used for this software are extremely confusing. Here’s Adobe’s effort to draw clearer distinctions between the Flash and Shockwave multimedia players:

    Continue reading →