Category Archives: Shockwave

Adobe, Edge, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Shockwave, Windows

Patch Tuesday for March 2019

Leave a comment

You know, it’s theoretically possible that we could get a Patch Tuesday with no updates to install. We’ve had months like that for Adobe products. Not for Microsoft, though, at least not in my memory.

Anyway… this month from Microsoft we have thirty-four updates, addressing seventy-five security vulnerabilities in Internet Explorer, Edge, Flash in Microsoft browsers, Office, and Windows. At least that’s what my analysis shows. The source of this information, Microsoft’s Security Update Guide, is a complex beast.

Reminder: these updates are only for versions that are still supported. Windows XP is no longer supported, and Windows 7 won’t be for much longer. Versions of Office older than 2010 are no longer supported, and Office 2010 support will end later in 2019.

It was a busy month for Adobe, with updates to Flash, Reader, and Shockwave.

Flash 32.0.0.171 includes fixes for two vulnerabilities in earlier versions.

Acrobat Reader DC, the variant of Adobe’s Acrobat/Reader product line you probably use, is up to version 2019.010.20099. The new version addresses twenty-one vulnerabilities in earlier versions.

Shockwave Player 12.3.5.205 addresses seven security bugs in earlier versions. You’re slightly less likely to have this software installed on your computer, but it’s worth checking if you’re not sure.

There are links to download the new versions on all the release announcement pages linked to above.

Adobe, Chrome, Edge, Flash, Internet Explorer, Patches and updates, Security, Shockwave

November updates for Adobe products

Leave a comment

Adobe logoYesterday, Adobe announced updates for several of its main products, including Flash, Acrobat Reader, and Shockwave.

Flash 27.0.0.187 addresses five critical vulnerabilities in earlier versions. You can download the new desktop version from the main Flash download page. That page usually offers to install additional software, which you should avoid. Chrome will as usual update itself with the new version, and both Internet Explorer and Edge will get their own updates via Windows Update.

Acrobat Reader 11.0.23 includes fixes for a whopping sixty-two vulnerabilities, all flagged as critical, in earlier versions. Download the full installer from the Acrobat Reader Download Center.

Shockwave Player 12.3.1.201 addresses a single critical security issue in earlier versions. Download the new version from the Adobe Shockwave Player Download Center.

If you use Flash, Reader or Shockwave to view content from untrusted sources, or if you use a web browser with add-ons enabled for any of these technologies, you should update affected systems immediately.

Adobe, Edge, Flash, Internet Explorer, Microsoft, Patches and updates, Security, Shockwave, Silverlight, Windows

Patch Tuesday updates from Microsoft and Adobe

1 Comment

It looks like Microsoft fixed the technical issues that led to February’s updates being postponed until March. Today they announced eighteen updates that address security issues in Windows, Internet Explorer, Edge, Office, Silverlight, as well as Windows Server software, including Exchange.

Critical vulnerabilities for which updates were expected in February, including an SMB flaw in Windows (CVE-2017-0016), and two others that were disclosed by Google’s Project Zero that affect the Windows GDI library (CVE-2017-0038), and Internet Explorer and Edge (CVE-2017-0037), finally get fixes today.

A total of one hundred and forty vulnerabilities are addressed by today’s updates from Microsoft. That’s higher than usual, but of course this is two months’ worth of updates.

Adobe’s contribution to the patching fun this month is new versions of Flash and Shockwave. Flash 25.0.0.127 includes fixes for seven vulnerabilities in earlier versions, while Shockwave 12.2.8.198 resolves a single security issue in versions 12.2.7.197 and earlier.

Chrome will update itself with the new version of Flash in the next day or so, but you can usually trigger the update process by navigating to its About page. Flash updates for Internet Explorer and Edge are included in this month’s updates from Microsoft.

If you’re still using a web browser with a Flash plugin, you should make sure it’s up to date as soon as possible.

Update 2017Mar17: Ars Technica points out — quite rightly — that Microsoft still owes us all an explanation for why the February updates were cancelled. My favourite quote from the Ars article: “when marketers drive communications concerning a reported zero-day exploit, customers lose.” I’d argue that when marketing folk are the only ones talking about technical issues of any kind, we should all be very worried.

Adobe, Patches and updates, Security, Shockwave

Shockwave 12.2.7.197

Leave a comment

Another new Shockwave version was released this week by Adobe. Once again, the official release notes page for Shockwave 12 only shows 12.2.7.197 as the current version, and provides no details. There was no announcement.

A couple of years ago, Adobe changed the way Flash functionality is built into Shockwave, presumably to beef up Shockwave’s security, which up to that point included older, vulnerable versions of Flash. So it’s possible that these barely-documented Shockwave updates exist primarily to synchronize Shockwave’s security with the current version of Flash.

As usual, if you use a web browser with Shockwave enabled, you should install the new version as soon as possible.

Adobe, Patches and updates, Shockwave

Shockwave 12.2.5.196

Leave a comment

A new version of Shockwave appeared at some point in recent weeks. There was nothing like an announcement, and version 12.2.5.196 is barely mentioned on the official Shockwave release notes page. In fact, all we get is this: “Current Runtime Release Version: 12.2.5.196”.

Somewhere at Adobe, there’s at least one person who knows why Shockwave 12.2.5.196 was released. It would sure be handy if they said something about it.

If you use a web browser with Shockwave enabled, you should probably install the new version, because it may contain a security fix that Adobe just didn’t bother to mention.

Adobe, Patches and updates, Shockwave

Adobe Shockwave 12.2.5.195

Leave a comment

At some point in the last couple of months, Adobe produced a new version of Shockwave: 12.2.5.195. There may have been an announcement, but I didn’t see it.

There’s no mention of the new version on the Shockwave 12 release notes page, so it’s difficult to know what changed. It would be handy to know whether Shockwave 12.2.5.195 includes any security fixes.

Meanwhile, the main Shockwave download page serves up version 12.2.5.195, and the Shockwave checker definitely detects earlier versions and recommends installing version 12.2.5.195.

So Adobe is just being lazy with version announcements, release notes, and other web-based resources. Thanks for nothing, Adobe.

Adobe, Patches and updates, Security, Shockwave

Shockwave 12.2.4.194

Leave a comment

At some point in March, Adobe released a new version of Shockwave, 12.2.4.194. The release notes are light on details, saying only that the version includes “Deprecation of SHA-1 certificates in the Shockwave installer.”

SHA-1 is no longer considered secure, so this is a security update, and anyone who uses a web browser with Shockwave enabled should install the latest version as soon as possible. Note that the Shockwave plugin sometimes appears in browsers as Shockwave for Director.

Adobe, Patches and updates, Security, Shockwave

Shockwave 12.2.3.183 released

Leave a comment

A new version of the Shockwave player is available from Adobe. The official download page correctly shows the new version as 12.2.3.183, and that’s what you’ll get if you install Shockwave Player from there.

Unfortunately, Adobe still lags behind in updating other web resources related to Shockwave. The Shockwave Player help page, which detects the version you’re running, correctly identifies the installed version, but claims that the newest version is 12.1.9.159. The release notes page for Shockwave 12.x lists the latest version as 12.2.1.171.

If you use a web browser with Shockwave enabled, you should install version 12.2.3.183 as soon as possible, because there are almost certainly security fixes in the new version.

Adobe, Patches and updates, Shockwave

Shockwave player 12.2.2.172

Leave a comment

According to FileHippo’s release history for Adobe Shockwave Player, Shockwave 12.2.2.172 was released on November 25, 2015.

The official download page for Shockwave confirms that the latest version is 12.2.2.172. Unfortunately, the official release notes for Shockwave show the latest version as 12.2.1.171.

Worse still, Adobe’s Shockwave version checker page tells me this: “Sorry, your computer does not have the latest Shockwave Player installed. Please go to step 2. (Your version:12.2.2.172 Latest Version:12.1.9.159)” It’s trying to tell me that 12.1.9.159 is the latest version (it isn’t) and that the version I’m running (which is in fact the latest version) is both out of date and somehow older than a version which is clearly the older of the two (12.1.9.159 is older than 12.2.2.172).

Hey Adobe: it’s hard enough to keep our software up to date without you sending us mixed messages.

Adobe, Flash, Patches and updates, Security, Shockwave

Shockwave update adds latest Flash

Leave a comment

Adobe finally noticed all the warnings about Shockwave using an old, less-secure version of Flash. The latest new version of Shockwave (12.2.1.171) fixes one specific security issue, while also adding support for the latest Flash using a new feature called ‘Flash Asset Xtra’.

The release notes for Shockwave 12.2.1.171 and the corresponding security bulletin have additional details.

If you use a web browser with a Shockwave plugin, you should install Shockwave 12.2.1.171 as soon as possible. You should also configure the plugin to prompt you before displaying any content, as long as your browser supports doing so.