Shockwave Player 11.6.8.638 addresses six arbitrary code execution vulnerabilities Adobe has fixed six critical vulnerabilities in Shockwave Player that could potentially be exploited by attackers to execute malicious code, via the release of version 11.6.8.638 of the software. Five of the patched flaws are buffer overflow vulnerabilities and one is an out-of-bounds array bug. Adobe credits Will Dormann of CERT and Honggang Ren of Fortinet’s FortiGuard Labs with reporting the issues.“Adobe recommends users of Adobe Shockwave Player 11.6.7.637 and earlier versions update to the newest version 11.6.8.638,” the company said in a security advisory accompanying the release on Tuesday. The new version is available for the Windows and Mac platforms.“Adobe is not aware of any exploits in the wild for any of the issues patched in this release,” Wiebke Lips, Adobe’s senior manager of corporate communications, said via email. While not nearly as popular as Flash Player, Shockwave Player is installed on 450 million Internet-enabled desktops, according to Adobe, which might make it an attractive target for attackers. The product is required to display online content created with Adobe’s Director software, like 3D games, product demonstrations, simulations or e-learning courses, inside browsers. Related content brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security news Gitlab fixes bug that exploited internal policies to trigger hostile pipelines It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies. By Shweta Sharma Sep 21, 2023 3 mins Vulnerabilities feature Key findings from the CISA 2022 Top Routinely Exploited Vulnerabilities report CISA’s recommendations for vendors, developers, and end-users promote a more secure software ecosystem. By Chris Hughes Sep 21, 2023 8 mins Zero Trust Threat and Vulnerability Management Security Practices news Insider risks are getting increasingly costly The cost of cybersecurity threats caused by organization insiders rose over the course of 2023, according to a new report from the Ponemon Institute and DTEX Systems. By Jon Gold Sep 20, 2023 3 mins Budget Data and Information Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe