Security Flaw In Shockwave Player, Confirms Adobe
Adobe recently confirmed that its Shockwave Player software had a critical security flaw that wasn't yet patched. Incidentally, Shockwave Player helps in executing multimedia programs developed via Adobe's Director.
The latest problem reportedly, first came into the notice of an organization called Abyssec Security Research according to which, it's possible to abuse the flaw if a maliciously designed DCR or DIR file is opened. Abyssec outlined through its public disclosure of the flaw that it affects computers running Windows XP's Service Pack 3. It also affects the later editions of Windows even if there're adequate security mitigations for stopping these kinds of assaults.
Enlightening further on Abyssec's discovery, Adobe through its security advisory stated that vulnerability of critical nature existed within Adobe Shockwave Player 18.104.22.1682 as well as older editions on the Macintosh and Windows operating systems. The flaw named CVE-2010-3653 was capable of resulting in a crash as well as letting a hacker gain control over a vulnerable system, the advisory added. Softpedia.com published this on October 22, 2010.
Specifically, anyone on the Web can exploit the flaw and apparently utilize it for contaminating computer operators with malicious software through drive-by download assaults.
In the meantime, no report has so far come about assaults which abuse the bug, however, a public revelation of the kind made recently regarding a severe flaw usually heralds future assaults.
Since a high popularity associates with the Shockwave Player globally so the program possibly is quite fine for hackers to target. According to Symantec the security vendor, innumerable PCs connected online have Shockwave loaded; therefore it's pretty obvious that hackers will find this software greatly attractive for attack. PCWorld.com published this on October 21, 2010.
Meanwhile, since Shockwave Player's vulnerability is highly serious, Adobe is actively communicating everything to its associates within the security industry regarding this flaw so that they can fast develop identification as also quarantine procedures for safeguarding users till the time a patch comes into the fore.
Nevertheless, if assaults do become an issue, consumers are recommended that they should deactivate Shockwave Player inside their Web-browsers till the time a patch is ready.
Related article: Securities Push Up A Must For Web Companies
» SPAMfighter News - 02-11-2010