Adobe has issues a “Critical” update for its Shockwave player. By Critical, they mean that a bad guy could potentially run software on your machine that could expose you to malware or viruses without you knowing. In the past, you got viruses because you downloaded a file or clicked on an email attachment, so you knew you were “safe” as long as you followed basic common sense. Now a days, instead of trying to trick you, they just look for issues in software and then use those issues to get past you and any security you may have on your pc.
Imagine your home, every time you leave, you check all your windows and doors and make sure they are locked (at least I hope you do). Now imagine that the lock to the front door breaks and falls off, and instead of getting a new lock, you just shut the door and hope no one notices. Guess what, you may get away with it for a while, but eventually your luck may run out and a bad guy will use the broken lock to get in and steal from you. These critical updates are the computer equivalent of that lock on your door. By updating, you are going out and getting a newer / better lock.
For those Geeks out there, here is some basic information on the alert. The complete alert can be found at (LINK) Adobe (http://www NULL.adobe NULL.com/support/security/bulletins/apsb11-27 NULL.html)
Security update available for Adobe Shockwave Player
Release date: November 8, 2011
Vulnerability identifier: APSB11-27
CVE number: CVE-2011-2446, CVE-2011-2447, CVE-2011-2448, CVE-2011-2449
Platform: Windows and Macintosh
Summary
Critical (http://www NULL.adobe NULL.com/devnet/security/security_zone/severity_ratings NULL.html) vulnerabilities have been identified in Adobe Shockwave Player 11.6.1.629 and earlier versions on the Windows and Macintosh operating systems. These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player 11.6.1.629 and earlier versions update to Adobe Shockwave Player 11.6.3.633 using the instructions provided below.
Affected software versions
Shockwave Player 11.6.1.629 and earlier versions for Windows and Macintosh
So how do you know if your computer has Adobe Shockwave installed. PC users, you can go to Start –> settings –> Control Panel –> Add/Remove programs (XP and earlier) or Programs and Features (Vista and Win 7). Then look at the list of installed programs, if you see Adobe Shockwave installed, then you have it. (It doesn’t matter if it is used or not, it just matters that its installed on your pc).
So you ask “What is the Shockwave program, and more importantly, why do I have it?” or “I don’t remember downloading that?”. The answer is that you didn’t, at least most likely not directly downloaded. From (LINK) Wikipedia (http://en NULL.wikipedia NULL.org/wiki/Adobe_Shockwave)
“Adobe Shockwave (formerly Macromedia Shockwave) is a multimedia platform used to add animation and interactivity to web pages”
Which means that if you play 1 of 1000’s of various online games, you probably saw a pop up that said something along the lines of “This program requires Adobe Shockwave, Do you wish to download it” (That’s NOT the exact wording), and since the majority of people never read those pop up’s, you just clicked run and went along playing your game.
So now what do you do if you find that you have it. Here is the solution directly from Adobe
Solution
Adobe recommends users of Adobe Shockwave Player 11.6.1.629 and earlier versions upgrade to the newest version 11.6.3.633 available here: http://get.adobe.com/shockwave/ (http://get NULL.adobe NULL.com/shockwave/).
When you click on the link from Adobe, you will arrive at the following page.
Click on Agree and Install now. This will bring up one of the following pop ups where you will click on Install (Yes I know again)
or
**Be aware of a pop up that you may see after you click install. (This pop up really gets me !@#!@$!%%^!&!*&)
If you see a pop up for the Google Toolbar or Any other Toolbar make sure to uncheck the box before clicking next. (Commentary: If this is a critical update, as noted, Why Adobe, WHY! are you trying to sneak in software that should stand on its own. If people want a toolbar let them go and get it, don’t try to get paid or whatever other benefit you are getting for tricking people who either don’t know or don’t read messages to end up with something else they probably DON’T NEED! That’s the end of my soapbox)
Once you see your browser show the following message
You have completed the update for this browser. I know your saying WHAT! Unfortunately Shockwave comes in 2 versions. One version is for Internet Explorer and One version is for all other web browsers (that’s the program you use to surf the web). The instructions above were based on Internet Explorer, if you have a 2nd (or more) browser installed like Firefox, Chrome, Opera, etc. then you need to do this again using one of those browsers. Remember it doesn’t matter if you don’t use them, if they are installed on your pc, then you MUST do the upgrade. Just follow the exact same steps with the other browser to complete the upgrade.
Lastly, the focus of this post was for Windows users, but Mac users, keep in mind this affects you too. If you have a Mac you should do this update as well.
A new update to has been released for Adobe Flash. According to Adobe this is a “These updates address a critical (http://www NULL.adobe NULL.com/support/security/severity_ratings NULL.html) vulnerability in the software”.
