Saturday, January 23, 2010

New Shockwave security update

Brian Krebs reports on a new vulnerability, this time on Shockwave. He also describes how Shockwave is different from Flash. Here's the report from Adobe.

My personal recommendation is to actually uninstall Shockwave and just keep Flash, unless you really remember using it.

Download the latest version here

Note to SecBrowsing users
SecBrowsing was just updated to point users to version 11.5.6. Unfortunately, on Windows, the plugin still reports "11.5" as its version, so it's impossible to identify the vulnerable version (11.5.2) from the safe one (11.5.6).

Until we have a nicer way of showing users that we can't detect the version correctly, I've decided to keep pointing users to the latest version, even if they have already installed it.

If you have installed Shockwave 11.5.6 (released Jan 19, 2010), please ignore the warning, you do not need to reinstall it.

You can check your exact version on Adobe's website. If you are out-of-date, please download the latest version here.