Adobe releases patches for Wink Role player and Shockwave Actor

The new updates address xix critical vulnerabilities

CSO Senior Writer, IDG News Service |

Adobe released security updates for Flash Role player and Shockwave Actor on Tuesday in order to address a total of 19 vulnerabilities affecting the ii products.

New stand-lone versions of Flash Player 11 were released for Windows, Mac, Linux and Android. The Flash Player plug-ins arranged with Google Chrome and Cyberspace Explorer 10 will be automatically updated through the update mechanisms of the ii browsers.

The new Flash Player versions patch 17 vulnerabilities, 16 of which are disquisitional and can result in remote code execution. These vulnerabilities "could crusade a crash and potentially permit an attacker to take control of the affected organization," Adobe said in a security advisory. The other vulnerability could result in information disclosure.

New versions of Flash Player 10 have likewise been released for Windows, Mac and Linux in order to accommodate users who, for whatever reason, cannot upgrade to Wink Player 11.

Adobe AIR, a cross-platform runtime system for rich Internet applications, and the Adobe AIR SDK (Software Development Kit) accept also received updates considering they bundle Wink Player.

Adobe has a list of the new Flash Player and Adobe AIR version numbers for each specific platform in the "Solution" section of its APSB13-05 security advisory.

Adobe Shockwave Player, which is required for displaying some online content such as 3D games, product demonstrations, simulations and due east-learning courses created with Adobe's Managing director software, has been updated to version 12.0.0.112 for the Windows and Mac platforms. The new version addresses two disquisitional vulnerabilities that could let attackers to run malicious code on the underlying systems.

Shockwave Player is not as popular every bit Flash Player, merely co-ordinate to Adobe, information technology all the same has a user base of more than 450 million.

The patches released Tuesday follow Adobe's new security update cycle. Dorsum in November, the company announced that information technology will align its releases of Wink Player security updates with Microsoft's Patch Tuesday schedule, which sees security patches released on the second Tuesday of every month.

Notwithstanding, Adobe was forced to pause out of this schedule last Thursday when it released an emergency update for Flash Player in lodge to address two actively exploited vulnerabilities.

Adobe is non aware of any exploits or attacks in the wild that target any of the issues addressed in the new Flash Player or Shockwave Role player updates, said Heather Edell, senior manager of corporate communications at Adobe, in an email message on Tuesday.

Lucian Constantin is a senior writer at CSO, covering information security, privacy, and data protection.

Copyright © 2013 IDG Communications, Inc.