Adobe reacts to Shockwave hole with patch

Adobe Systems has released a patch for its Shockwave Player to fix a critical vulnerability, the company wrote on its security blog on Tuesday.

Adobe didn't provide many details on the vulnerability but wrote that it is remotely exploitable, meaning a hacker could use it to infect a computer with malicious software over the Internet.

Shockwave Player is used to display content created by Adobe's Director program, which offers advanced tools for creating interactive content, including Flash. The Director application can be used for creating 3D models, high-quality images and full-screen or long-form digital content and offers greater control over how those elements are displayed.

The vulnerability affects Shockwave Player version 11.5.0.596 and earlier. Users should uninstall the old version and install version 11.5.0.600, which is available for download.

Shockwave Player is installed on 450 million desktops, according to Adobe.

The company was tipped off to the vulnerability by security vendor TippingPoint Technologies' Zero Day Initiative, which pays security researchers for vulnerability information that is responsibly disclosed.

In May, Adobe announced it was undertaking a thorough review of legacy code in products such as Acrobat and Reader after hackers have taken advantage of dangerous vulnerabilities. The company also introduced a regular patching routine, saying it would release patches every three months on the second Tuesday of the month, the same day that Microsoft releases its own fixes.

The patch for Shockwave Player, however, deviates from the schedule. Adobe last released patches on 9 June and isn't due for a release until September. Adobe offered no explanation on its blog post. However, it may be taking a cue from Microsoft, which will push out emergency patches off schedule for particular dangerous problems.