Adobe Shockwave Player update addresses critical vulnerability

Adobe on Tuesday released a security update for Shockwave Player that addresses a critical vulnerability.

According to a security bulletin, the issue is a memory corruption vulnerability – CVE-2015-7649 – that could lead to code execution and potentially enable an attacker to take control of an affected system.

In a release emailed to SCMagazine.com on Tuesday, Adobe said it is “not aware of any exploits in the wild for issues addressed in this update.”

Shockwave Player versions 12.2.0.162 and earlier are affected – the update received the highest priority rating and the vulnerability is deemed critical, so Windows and Macintosh users are encouraged to update to 12.2.1.171 as soon as possible.

In the security bulletin, Adobe thanked Fortinet's Fortiguard Labs for reporting the issue.