Category Archives: Shockwave


Another new Shockwave version was released this week by Adobe. Once again, the official release notes page for Shockwave 12 only shows as the current version, and provides no details. There was no announcement.

A couple of years ago, Adobe changed the way Flash functionality is built into Shockwave, presumably to beef up Shockwave’s security, which up to that point included older, vulnerable versions of Flash. So it’s possible that these barely-documented Shockwave updates exist primarily to synchronize Shockwave’s security with the current version of Flash.

As usual, if you use a web browser with Shockwave enabled, you should install the new version as soon as possible.


A new version of Shockwave appeared at some point in recent weeks. There was nothing like an announcement, and version is barely mentioned on the official Shockwave release notes page. In fact, all we get is this: “Current Runtime Release Version:”.

Somewhere at Adobe, there’s at least one person who knows why Shockwave was released. It would sure be handy if they said something about it.

If you use a web browser with Shockwave enabled, you should probably install the new version, because it may contain a security fix that Adobe just didn’t bother to mention.

Adobe Shockwave

At some point in the last couple of months, Adobe produced a new version of Shockwave: There may have been an announcement, but I didn’t see it.

There’s no mention of the new version on the Shockwave 12 release notes page, so it’s difficult to know what changed. It would be handy to know whether Shockwave includes any security fixes.

Meanwhile, the main Shockwave download page serves up version, and the Shockwave checker definitely detects earlier versions and recommends installing version

So Adobe is just being lazy with version announcements, release notes, and other web-based resources. Thanks for nothing, Adobe.


At some point in March, Adobe released a new version of Shockwave, The release notes are light on details, saying only that the version includes “Deprecation of SHA-1 certificates in the Shockwave installer.”

SHA-1 is no longer considered secure, so this is a security update, and anyone who uses a web browser with Shockwave enabled should install the latest version as soon as possible. Note that the Shockwave plugin sometimes appears in browsers as Shockwave for Director.

Shockwave released

A new version of the Shockwave player is available from Adobe. The official download page correctly shows the new version as, and that’s what you’ll get if you install Shockwave Player from there.

Unfortunately, Adobe still lags behind in updating other web resources related to Shockwave. The Shockwave Player help page, which detects the version you’re running, correctly identifies the installed version, but claims that the newest version is The release notes page for Shockwave 12.x lists the latest version as

If you use a web browser with Shockwave enabled, you should install version as soon as possible, because there are almost certainly security fixes in the new version.

Shockwave player

According to FileHippo’s release history for Adobe Shockwave Player, Shockwave was released on November 25, 2015.

The official download page for Shockwave confirms that the latest version is Unfortunately, the official release notes for Shockwave show the latest version as

Worse still, Adobe’s Shockwave version checker page tells me this: “Sorry, your computer does not have the latest Shockwave Player installed. Please go to step 2. (Your version: Latest Version:” It’s trying to tell me that is the latest version (it isn’t) and that the version I’m running (which is in fact the latest version) is both out of date and somehow older than a version which is clearly the older of the two ( is older than

Hey Adobe: it’s hard enough to keep our software up to date without you sending us mixed messages.

Shockwave update adds latest Flash

Adobe finally noticed all the warnings about Shockwave using an old, less-secure version of Flash. The latest new version of Shockwave ( fixes one specific security issue, while also adding support for the latest Flash using a new feature called ‘Flash Asset Xtra’.

The release notes for Shockwave and the corresponding security bulletin have additional details.

If you use a web browser with a Shockwave plugin, you should install Shockwave as soon as possible. You should also configure the plugin to prompt you before displaying any content, as long as your browser supports doing so.

Security & privacy roundup for September 2015

Android made security news in September for a lockscreen bypass hack and a ransomware app designated Android/Lockerpin.A.

Passwords in the leaked Ashley Madison user database became much easier to decrypt, once again reminding us to avoid re-using passwords.

A rogue version of the iPhone development tool XCode was found to have added malicious code to almost 500 legitimate apps. Those apps were published on the Apple App Store, and were subsequently installed by millions of iPhone and iPad users.

In other Apple-related news, a simple bypass for the Gatekeeper process, that protects Mac OS X users from malicious software, was discovered.

This month’s Flash updates prompted Brian Krebs to take another look at Adobe Shockwave. He found that even the most recent versions of Shockwave still contain very out of date versions of Flash, and strongly recommends that you remove Shockwave from all your computers.

A series of exploits against the Imgur and 8chan sites caused little damage, despite their enormous potential. The true goals of the hack are still in question, and the associated vulnerabilities on the affected sites have been fixed.

A researcher discovered several serious vulnerabilities in popular security software from Kaspersky Labs. While there’s no evidence of exploits in the wild, this is rather alarming. Anti-malware software typically has access to core system functionality, making working exploits very valuable to attackers. Kaspersky Labs acted quickly to fix the bugs, but this isn’t the first time security software has been found vulnerable, and likely won’t be the last.

A new botnet called Xor.DDoS is using compromised Linux computers to perform DDoS attacks against a variety of web sites, probably at the request of paying customers. The Linux computers hosting the botnet appear to have been compromised via weak root passwords. So far, most of the targets are in Asia. This marks a shift in platform for botnet developers, which previously focused almost exclusively on Windows.

Patch Tuesday for September 2015

There’s another big crop of updates from Microsoft this month, including some fixes for Windows 10. Twelve updates were made available earlier today, and of those, five are flagged as Critical. Fifty-six separate vulnerabilities are addressed, affecting all supported versions of Windows, Microsoft Office, and SharePoint.

Adobe announced a new version of Shockwave Player today as well. Version addresses two security vulnerabilities.

Shockwave released

There’s a new version of Adobe’s Shockwave Player. It’s not clear when the new version appeared, since there was no official announcement. There’s nothing at all on the release notes page, other than the fact that the most recent version of Shockwave is

You can download the new version from the main Shockwave page, which also shows the most recent version as You can check what version of Shockwave is installed (if any) on your computer at the Shockwave Help page.