Adobe today released a patch to fix several serious security flaws in its Shockwave Player software.
The update, which is rated "critical," addresses a total of five documented vulnerabilities. The most serious flaw could allow remote code execution attacks against Windows and Mac users.
From Adobe's bulletin:
Critical vulnerabilities have been identified in Adobe Shockwave Player 220.127.116.111 and earlier versions. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system. Adobe has provided a solution for the reported vulnerabilities. It is recommended that users update their installations using the instructions provided below.The update applies to Shockwave Player 18.104.22.1681 and earlier versions. Adobe's patch can be downloaded here.