Adobe issued a security advisory earlier this week for a potentially serious flaw discovered in its Shockwave application. Adobe has quickly developed a fix for the issue, though, which will be available on Thursday.
The Adobe security advisory explains, "A critical vulnerability exists in Adobe Shockwave Player 126.96.36.1992 and earlier versions on the Windows and Macintosh operating systems. This vulnerability (CVE-2010-3653) could cause a crash and potentially allow an attacker to take control of the affected system."
The Shockwave Player is installed on more than 450 million Windows and Mac PCs. Shockwave may seem redundant when compared with Adobe Flash--both being Adobe applications dedicated to online interactive content.
The utility of the two programs is, in fact, quite similar. Shockwave is for content created with Adobe Director, and is geared toward multi-user games, interactive 3D simulations, online entertainment, and tutorials. Flash Player, on the other hand, is for content created with Adobe Flash Professional, and tends to be used more for Web site front-ends, online advertising, animations, and video content.
Adobe is stingy with the details of exactly what the flaw is, or how it might be exploited, but the security advisory does disclose the potential consequences of a successful exploit. A system crash is a nuisance, and is obviously undesirable, but any flaw that can be exploited to allow the attacker to take control of the vulnerable system is worth investigating and patching.
Adobe software is generally cross-platform and ubiquitous, making it an increasingly attractive target for malware developers. Adobe has moved quickly to develop a patch for this Shockwave vulnerability, and affected systems should be patched as soon as possible before attackers have time to figure out how to exploit it.
Adobe stresses that while this is a potentially serious issue, and the details have been publicly disclosed, there are no reports of the vulnerability being exploited in the wild.