Adobe addresses critical Shockwave Player vulnerabilities

A security update for Adobe Shockwave Player was released on Tuesday – it addresses critical memory corruption vulnerabilities that could possibly be exploited by an attacker to take control of an affected Windows system.

Updating to Shockwave Player 12.2.0.162 should address the bugs, CVE-2015-6680 and CVE-2015-6681, which could lead to code execution, an advisory said, crediting Tongbo Luo of Palo Alto Networks with reporting the issues.

In a release emailed to SCMagazine.com, Adobe said it is not aware of any exploits in the wild that are targeting these vulnerabilities. However, the company referred to the bugs as critical and rated the update Priority 1 due to a high risk of exploitation and because code execution is possible.

Adobe has released a number of security updates in recent months to address critical vulnerabilities, notably in Flash Player