Adobe Patches Crucial Vulnerabilities within Shockwave Player
Adobe, which has made available its 220.127.116.114 version of Shockwave Player, aims at fixing 9 security flaws which existed within the application's earlier editions for Mac and Windows OS (operating systems), published Softpedia.com on February 14, 2012.
Citing two security flaws within its Shockwave 3D Asset, namely heap overflow and memory corruption, Adobe explains that any attacker who may exploit them could run malware on the vulnerable computer.
A standard element, 3D Asset lets users of Shockwave Player open and read particular files crafted in 3D format. The last time Adobe patched 3D Asset was in June 2011.
Another security update, which Adobe has made available, is for RoboHelp in the context of Word ever-since a crucial vulnerability was detected within RoboHelp's 8th and 9th versions.
But, separately, Adobe patched one flaw rated "important" within RoboHelp 9/8 affecting Word when running Windows. Adobe cautioned that by using one maliciously-crafted website, an XSS (cross-site scripting) assault could be executed against Web-based traffic produced via RoboHelp for Word.
Reportedly, RoboHelp is software, which technical developers and authors use for making 'Help' menus when connected online for desktop or Web-based programs.
The Adobe products, particularly Shockwave, Flash and Reader, represent software that cyber-criminals target most owing to their widespread usage. Indeed, during January 2012, Brad Arkin, Director of Product Security at Adobe disclosed that many organizations of the defense industry, including Lockheed Martin the defense contractor faced much personalized assaults sequentially that exploited security flaw within Adobe Reader version 9 the organizations used. Thread Post published this on February 14, 2012.
Further, according to Arkin, Adobe currently concentrates more on making it harder for obtaining attack codes that may abuse vulnerabilities instead of attempting at weeding out flaws within the source-codes of its products.
In addition, it's further observed that along with Adobe, other companies too published their patches. Microsoft, for February 2012, issued its Patch Tuesday updates coinciding with Adobe's day of release, while Mozilla issued the 10.1 version of its Firefox towards plugging a hole, which otherwise made end-users vulnerable to drive-by downloads through the Web-browser's latest edition released just this January, 2012.
Related article: Adobe Rates Acrobat Vulnerabilities “Critical”
» SPAMfighter News - 20-02-2012