Both Adobe and Apple have released security updates or alerts in the past 24 hours. Adobe pushed out a critical patch that fixes at least 20 vulnerabilities in its Shockwave Player, while Apple issued updates to correct 13 flaws in Mac OS X systems.
The Adobe patch applies to Shockwave Player 11.5.7.609 and earlier on Windows and Mac operating systems. Adobe recommends that users upgrade to Shockwave Player 11.5.8.612, available at this link. But before you do that, you might want to visit this link, which will tell you whether or not you need to update, and indeed whether you currently have Shockwave installed at all. If you visit it and don’t see an animation, then you don’t have Shockwave (and probably aren’t missing it either).
One other note about Shockwave: Firefox users may notice a “Shockwave Flash” entry when they click “Tools,” “Add-0ns,” and then the “Plugins” tab. For reasons that are too complicated to explain in one breath, this is actually Adobe’s name for its regular Flash player, which most people probably do want installed because can be difficult to browse and use the Internet without it. By the way, if you haven’t updated your Flash Player in a while, Adobe issued a new version of that software on Aug 10 that plugged a half dozen security holes.
Apple’s update affects Mac OS X Server 10.5, Mac OS X 10.5.8 , Mac OS X Server 10.6 , Mac OS X 10.6.4 and is available via Software Update or from Apple Downloads.
Does Shockwave have any useful value? I cannot recall any website using it for anything worthwhile.
I’ve seen it needed on just one game on one children’s web site (I don’t remember which web site), so we installed it on their Mac. I also had it installed on my Mac, and when I went to the test page, it complained that I needed to run Safari in 32bit mode and locked-up the browser. Obviously, I haven’t needed it on my Mac, so I removed it. I did update the kid’s Mac with Shockwave 64bit version (that runs on Safari in 64bit mode) for the kids to be able to play their game.
> For reasons that are too complicated to explain in one breath, this is actually Adobe’s name for its regular Flash player
Brian, does this mean that you actually figured out the reason? Please, don’t leave us hanging like that. Or is http://krebsonsecurity.com/2010/01/adobe-ships-critical-shockwave-update/#comment-971 still “state of the art”?
Heh, you got it, Wladimir 🙂
On a related note, does anyone else have a hard time updating Adobe Flash player? Often, FireFox or Secunia PSI will tell me my version is out-of-date, and provide a link to Adobe’s site when I can download the updated version. Then Adobe makes me go to all the trouble of installing their silly “DLM” so I can download their update, which ends up NOT being the latest version.
It’s easier for me now to just go to FileHippo.com where I can download the most recent version as a standalone installer.
Jonathan,
I’ve noticed that when you update Flash with the Adobe Updater, it’s very easy at some point in the process to hit “cancel” because of Adobe’s weird signage during the installation. If I recall, it’s something about closing open applications continue/no and it’s tricky understanding which one to press.
I just use File Hippo’s update checker to download and update anything Adobe. Never a problem one! I always reboot when I’m finished to get rid of anything left behind as an aid furnished by Adobe.
Adobe still insists that everybody is in need of the toolbar. What a batch of jerks.
If I included 1/10 of toolbars offered, there would be no room for my desktop. Just how much revenue can a toolbar generate?
were i a dr. evil type, how better to get a trojan on everyone’s system regardless of platform than require a proprietary install like flash which crashes easily and retains cookies forever on most joe 6 pack’s systems?
just sayin’