Adobe patches two critical flaws

Shockwave and RoboHelp flaws are covered by Adobe in a busy week for patching.

Security

Adobe has issued two patches for critical vulnerabilities affecting its Shockwave Player software and RoboHelp for Word authoring product.

Two bulletins were issued on Tuesday, one of them addressing nine security flaws most of them memory corruption vulnerabilities - in Shockwave version 11.6.3.633 and earlier versions on Windows and Mac OS.

"These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system," Adobe said in its advisory.

These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code.

There was just one vulnerability - CVE-2012-0765 in RoboHelp, affecting Windows users only.

"A specially crafted URL could be used to create a cross-site scripting attack on Web-based output generated using RoboHelp for Word," Adobe warned in a separate advisory.

"Adobe recommends users update their product installation."

Microsoft yesterday issued its Patch Tuesday release for February, covering 21 vulnerabilities, including a critical update to Internet Explorer.

The patches came on the same day security company Secunia slammed the software industry for not doing enough to promote patching and ease the burden for IT managers.

Secunia's annual patch report found none of the top 20 software providers, including tech giants like Apple, Microsoft and Google, were able to cut the number of flaws in their products over the past five years.

"Vendors in general should improve their communication to customers and the patch distribution mechanism (for consumers that would imply auto updating)," said Thomas Kristensen, chief security officer at Secunia.

Featured Resources

The complete guide to changing your phone system provider

Optimise your phone system for better business results

Download now

Simplify cluster security at scale

Centralised secrets management across hybrid, multi-cloud environments

Download now

The endpoint as a key element of your security infrastructure

Threats to endpoints in a world of remote working

Download now

2021 state of IT asset management report

The role of IT asset management for maximising technology investments

Download now

Recommended

Ryuk behind a third of all ransomware attacks in 2020
Security

Ryuk behind a third of all ransomware attacks in 2020

29 Oct 2020
REvil hacking group says it has made more than $100m in a year
Security

REvil hacking group says it has made more than $100m in a year

29 Oct 2020
36 billion personal records exposed by hacks in 2020 so far
Security

36 billion personal records exposed by hacks in 2020 so far

29 Oct 2020
Trump website defaced in second successive cyber breach
Security

Trump website defaced in second successive cyber breach

28 Oct 2020

Most Popular

Do smart devices make us less intelligent?
artificial intelligence (AI)

Do smart devices make us less intelligent?

19 Oct 2020
Politicians need to stop talking about technology
Policy & legislation

Politicians need to stop talking about technology

21 Oct 2020
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

21 Oct 2020