Here's a timeline of the vulnerability reports that went into the latest release:
- May 11, 2010:
  - Shockwave 11.5.7 is released
- Unknown date: As of Aug 24, I could not find details for these vulnerability reports:
  - CVE-2010-2863
  - CVE-2010-2864
  - CVE-2010-2865
  - CVE-2010-2868
  - CVE-2010-2869
  - CVE-2010-2880
  - CVE-2010-2881
  - CVE-2010-2882
- May 27, 2010:
  - CVE-2010-2866
  - CVE-2010-2867
  - CVE-2010-2870 example
- Jun 30, 2010:
  - CVE-2010-2871
  - CVE-2010-2872
  - CVE-2010-2873
  - CVE-2010-2874 example
- Jul 7, 2010:
  - CVE-2010-2875 example
- Jul 20, 2010:
  - CVE-2010-2876 example
- Aug 11, 2010:
  - CVE-2010-2877
  - CVE-2010-2878
  - CVE-2010-2879 example
- Aug 24, 2010:
  - Shockwave 11.5.8 is released
---
Why update and disable plugins?
Exploits in the browser and its plugins are the most common way people's computers get malware. It happens simply by browsing to a site, without any user interaction. It can be triggered by:
- Randomly browsing the web, landing on a site that has been hacked.
- Browsing a site that runs a malicious banner ad. The ad only needs to run for a few minutes on a popular site to get thousands of people infected.
- Following a URL sent by a friend, whose email/IM account was compromised. This can also be a targeted attack against your organization.
Most plugins have a really bad security history, and are not required for most websites. Disabling them is often a good option.