Adobe warned Thursday of a critical bug in its Shockwave Player that affects both Windows and Macintosh PCs.
The bug, which was publicly disclosed Thursday, “could cause a crash and potentially allow an attacker to take control of the affected system,” Adobe said in a message on its website
The bug was found by Shahin Ramezany, a security researcher who said he released details of the problem to celebrate the fact that he now has 1,000 followers on Twitter.
IT World Security Events
Toronto: Set your IT Security Priorities Straight
Edmonton: Set your IT Security Priorities Straight
He had earlier promised to release an Adobe 0day when he crossed that threshold.
New Adobe Reader sandboxed, simplified
Hackers’ new ‘double-whammy’ attack threatens SMBs
In its security advisory, Adobe said it considers the issue “critical,” and is working on a patch for the flaw. The company isn’t saying when that patch will ship, however.
So far, there aren’t any reports of attacks that leverage the bug, but this type of public disclosure of a serious bug is often a harbinger of future attacks.
Set your IT security rriorities straight – attent the Computerworld technology insights event in Toronto, Nov. 18
Adobe’s Reader software has been a regular target for Web-based attacks over the past year, and while the Shockwave Player is used by about half as many people as Reader, it’s probably good enough for many hackers.
“Hundreds of millions of computers with Internet connectivity have Shockwave installed, so, this will obviously be an attractive target for attackers,” security vendor Symantec said Thursday in an e-mailed statement.
If attacks do become a problem, users can disable Shockwave in their Web browsers until a patch becomes available.
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is [email protected]