ID: IRCNE2012121709
Date: 2012-12-22
According to "techworld", Adobe plans to close a dangerous hole in its Shockwave application in February that causes the application to be downgraded when a user launches older multimedia content, allowing hackers to target years-old vulnerabilities.
The US Computer Emergency Readiness Team (US CERT) issued an advisory on the vulnerability, which could allow an attacker to deliver malware and execute arbitrary code, considered to be one of the most dangerous kinds of flaws.
US CERT notified Adobe of the problem on October 27, 2010, but an Adobe spokesperson said yesterday that the problem will be closed with the next major upgrade of Shockwave, scheduled for February 12.
"We are not aware of any active exploits or attacks in the wild using this particular technique," said Wiebke Lips, senior manager with Adobe corporate communications. Adobe did not consider the issue a high risk to users.
- 2