Security → Adobe Security Updates (4) incl. Shockwave

Adobe Shockwave Player 11.6.5.635 Security update
May 8, 2012

Adobe released a security update for Adobe Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to run malicious code on the affected system.

Adobe recommends users of Adobe Shockwave Player 11.6.4.634 and earlier for Windows and Macintosh update to Adobe Shockwave Player 11.6.5.635 using the instructions provided in the "Solution" section below.

Affected software versions
Shockwave Player 11.6.4.634 and earlier versions for Windows and Macintosh.

• This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2012-2029).
• This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2012-2030).
• This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2012-2031).
• This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2012-2032).
• This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2012-2033).

See the Security Bulletin for full details.

Downloads: »www.adobe.com/shockwave/ ··· ates/#sp
-or-
»get.adobe.com/shockwave/ ··· ersions/

Other Security releases today:
•Security bulletin for Adobe Flash Professional
•Security bulletin for Adobe Photoshop
•Security bulletin for Adobe Illustrator

Thanks chachazz

[sighs at Adobe, MS, etc.]

I am glad I don't use or have Shockwave. Flash and Reader are enough from Adobe!

Thank you, chazz!
(Man, it should be against the law for humans to have as much fun as I'm having today).
Update heaven!

Thanks again chazzy.

About to start all mine. So how many reboots will be required. My bet is 3.

Biggest problem is that the security patches for 3 of today's 4 updates require PAID upgrades to a newer version. Users of current versions of Photoshop CS, Flash Professional, and Illustrator won't be protected.

I noticed that Flash Player installs a Shockwave add-on....
Is it vulnerable too??

I don't if it is vulnerable but I'd like to know why this addon is different in IE6 and IE8? I have installed the latest Flash on both IE 6 and 8 both running on XP Pro computers.

On IE 6 I have Shockwave Flash Object 11.2.202.235 which is the latest Flash Player version.

On IE 8 I have Shockwave Flash Object 10.0.22.87 but I have the latest Flash Player version (11.2.202.235) installed on IE 8 so why isn't the Shockwave Flash Object the same version as Flash Player?

You might have to delete the .ocx file, it may not have updated .
I'm using the 11.3 beta 3.

Update to Security Bulletins for Adobe Illustrator (APSB12-10), Adobe Photoshop (APSB12-11) and Adobe Flash Professional (APSB12-12)
Created May 11, 2012

quote:

---

We just updated the following Security Bulletins initially posted on Tuesday, May 8, 2012:

•APSB12-10 – Security bulletin for Adobe Illustrator
•APSB12-11 – Security bulletin for Adobe Photoshop
•APSB12-12 – Security bulletin for Adobe Flash Professiona

We are in the process of resolving the vulnerabilities addressed in these Security Bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available.

Users may monitor the latest information on the Adobe Product Security Incident Response Team (PSIRT) Blog or by subscribing to the RSS feed at »blogs.adobe.com/psirt/atom.xml.

---

Yes..but

Adobe Changes Its Tune On Forcing Paid Upgrade To Fix Security Flaws

Posted by Soulskill on Saturday May 12, @01:35PM

»news.slashdot.org/story/ ··· ty-flaws