Adobe slaps 20 patches on Shockwave

Adobe is a victim of its success, say experts

Adobe has issued a patch fixing 20 vulnerabilities in its Shockwave media player.

The patches cover Adobe Shockwave Player 11.5.7.609 for both the Windows and Mac platforms, and the company is rating the update as critical.

“The vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system,” the company said in a security advisory.

Eighteen out of the 20 fixes cover problems that would allow remote code execution of affected systems. Of the other two, one could allow a denial-of-service attack while the other flaw would allow a denial attack and could theoretically be exploited to allow remote code execution, although no attacks have been spotted in the wild.

Adobe has been plagued by a series of attacks on its software by crackers looking to exploit the popularity of its software. The company has shifted to a monthly patching cycle and teamed up with Microsoft to share security information with third parties.

“Adobe’s doing a very good job at producing solid code and patching, but so many people are targeting its software,” Tom Cross, manager of IBM X-Force Research, told V3.co.uk.

“The bottom line is it’s a really popular set of software products and a lot of people have them on their PCs. If it wasn’t Adobe it would be another software house.”