Adobe today released a patch to fix several serious security flaws in its Shockwave Player software.
The update, which is rated "critical," addresses a total of five documented vulnerabilities. The most serious flaw could allow remote code execution attacks against Windows and Mac users.
From Adobe's bulletin:
Critical vulnerabilities have been identified in Adobe Shockwave Player 22.214.171.1241 and earlier versions. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations using the instructions provided below.The update applies to Shockwave Player 126.96.36.1991 and earlier versions. Adobe's patch can be downloaded here.