Critical.
Authoritative.
Strategic.
Subscribe to CIO Magazine »

Adobe warns of Shockwave bug

A hacker shared details of the bug to celebrate his 1,000th Twitter follower

Adobe warned Thursday of a critical bug in its Shockwave Player that affects both Windows and Macintosh PCs.

The bug, which was publicly disclosed Thursday, "could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in a message on its website.

In its security advisory, Adobe said it considers the issue "critical," and is working on a patch for the flaw. The company isn't saying when that patch will ship, however.

So far, there aren't any reports of attacks that leverage the bug, but this type of public disclosure of a serious bug is often a harbinger of future attacks.

Adobe's Reader software has been a regular target for Web-based attacks over the past year, and while the Shockwave Player is used by about half as many people as Reader, it's probably good enough for many hackers.

"Hundreds of millions of computers with Internet connectivity have Shockwave installed, so, this will obviously be an attractive target for attackers," security vendor Symantec said Thursday in an e-mailed statement.

If attacks do become a problem, users can disable Shockwave in their Web browsers until a patch becomes available.

The bug was found by Shahin Ramezany, a security researcher who said he released details of the problem to celebrate the fact that he now has 1,000 followers on Twitter. He had earlier promised to release an Adobe 0day when he crossed that threshold.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan@idg.com

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

More about: Adobe, IDG, PSA, Symantec
References show all

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the CIO comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: Adobe, Adobe Systems, internet, security, Shockwave Player, software
Latest Blog Posts
Whitepapers
  • Miercom Report - Plug and Play Switches
    Avaya engaged Miercom to evaluate the plug and play features and ease of configuration of the ERS 4548GT- PWR Edge Switch. The energy efficiency of the ERS was compared to similar switches and is discussed in this report as well. Read on.
    Learn more »
  • The mobile print enterprise - How IT consumerisaton is driving anytime, anywhere printing
    The widespread adoption of smartphones and tablets, across Android, BlackBerry and Apple iOS platforms, has broadened the effectiveness of professional workers to remotely support business requirements. A continued reliance on printing amongst many businesses means IT must provide enterprise mobile printing capabilities that are secure and reliable. This not only ensures employees remain productive but also allows mobile printing to be tracked and controlled – vital in an era when many businesses face financial, environmental and security concerns. Read more.
    Learn more »
  • Security Threat Report 2012
    This threat report shares the latest research on hacktivism, online threats, mobile malware, cloud computing, and social network security looking ahead to the coming year.
    Learn more »
All whitepapers
rhs_login_lockGet exclusive access to Invitation only events CIO, reports & analysis.
Recent comments