Thursday, October 21, 2010

Critical 0-day vulnerability in Adobe Shockwave for Director -- disable now

There's a zero-day vulnerability with code sample available. In the past, that usually lead to active exploits within a few days.

The only defense right now is to disable Shockwave:
  • Type about:plugins, hit enter.
  • Find "Shockwave for Director" (no, not Shockwave Flash)
  • If you can't find it, good! Otherwise, click "Disable".
Adobe has released an advisory but there's no patch to download yet

In a previous post I was counting over 1 vulnerability per week:

In an even older post I tried to answer some common questions such as "What is Shockwave for Director?"