Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Adobe Releases Surprise Shockwave Player Patch - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Releases Surprise Shockwave Player Patch

Adobe today released a surprise patch for Shockwave [1]. The patch fixes one vulnerability, CVE-2015-7649 and Adobe's Shockwave Player on Windows and OS X is affected. The vulnerability is used in targeted exploit and Adobe learned about it from Fortinet's Fortiguard Labs. The latest version of Shockwave Player is now 12.2.1.171 and it replaces version 12.2.0.162.

Update: We got an email from someone at Adobe stating this vulnerability has not yet been exploited in the wild. Our initial assessment was based on the priority rating of "1" which Adobe descripes as "This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible. (for example, within 72 hours)." and the fact that Fortiguard is credited in the Advisory. Fortiguard does track exploitation attempts detected by Fortinet customers.

 

[1] https://helpx.adobe.com/security/products/shockwave/apsb15-26.html

---
Johannes B. Ullrich, Ph.D.
STI|Twitter|LinkedIn

I will be teaching next: Defending Web Applications Security Essentials - SANS Security West 2019

Johannes

3510 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!