Adobe Patches Two Shockwave Player Vulnerabilities

Adobe today released a new version of its Shockwave Player that patches two critical vulnerabilities that could be remotely exploited.

Adobe said that it is not aware of public exploits for either security flaw.

The vulnerability affects Shockwave for Windows, versions 12.1.9.160 and earlier and Adobe urges users to update immediately to 12.2.0.162.

Adobe said both vulnerabilities, CVE-2015-66880 and CVE-2015-6681, are memory corruption bugs and could lead to code execution by a remote attacker.

This is the third security update from Adobe in as many weeks.

On Aug. 18, the company released a hotfix for a XML External Entity flaw in LiveCycle Data Services, the former Flex Data Services. The software is a development tool that streamlines application development. The vulnerability was found in BlazeDS, web-based messaging technology embedded in LiveCycle Data Services.

On Aug. 27, Adobe pushed out a hotfix for the same vulnerability, this time in ColdFusion implementations. The hotfix, which did not require a reboot, affected ColdFusion 11, Update 5 and earlier, as well as ColdFusion 10, Update 16. The bug was found in the Apache Flex BlazeDS component of ColdFusion and LiveCycle Data Services.

In July, Adobe spent time patching three zero-day vulnerabilities in Flash Player that were found in the data posted online that was stolen in the HackingTeam intrusion.

Provided from: Techcrunch.