Network News

X My Profile
View More Activity

Critical Security Fix for Adobe Shockwave Player

Adobe Systems Inc. on Tuesday issued a software update to fix a critical security flaw in its Shockwave Player, a commonly installed Web browser plug-in. According to Adobe, a malicious or hacked site could use the security hole to install malicious software if the visitor merely browses the site with a vulnerable version of the media player software.

The flaw exists in Shockwave Player (also known as Macromedia Shockwave Player) version and earlier. To find out whether Shockwave is installed and which version may be on your PC, visit this site.

In a posting to its security blog, Adobe said it is not aware of any exploits in the wild for this vulnerability.

Adobe recommends Shockwave Player users on Windows uninstall Shockwave version and earlier on their systems, restart and install Shockwave version, available here.


Readers should be aware that by default this patch will also try to install Symantec's Norton Security Scan, a clever marketing tool by Symantec that checks to see if you have malware on your system and then prompts you to buy their software to remove any found items. I find the bundling of a serious security update with this otherwise useless tool annoying, and potentially counter-productive. It makes you wonder: Did Symantec come up with this marketing tactic on their own, or did they borrow the idea from the people pushing rogue anti-virus products (or was it the other way around?) At any rate, if you don't want this extra software, be sure to deselect that option before proceeding with the update.

By Brian Krebs  |  June 25, 2009; 7:00 AM ET
Categories:  New Patches , Safety Tips  | Tags: adobe shockwave  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft Debuts Free Antivirus Software Beta
Next: Ex-DHS Cyber Chief Tapped as President of ICANN


Is Shockwave Flash the same as Shockwave player? I get no version number when I follow the above link.

Posted by: jxl2 | June 25, 2009 9:03 AM | Report abuse

"Is Shockwave Flash the same as Shockwave player?"

In a word, NO. Shockwave and Flash are 2 separate apps.
Go here to check them both:

... and Thanks, Brian for pointing out the Symantec thingee. ARRGGHH!


Posted by: PC-tech | June 25, 2009 9:13 AM | Report abuse

Brian as a point of clarification, this doesn’t include the plugin found in Add-ons panel of Firefox, does it?

Posted by: ummhuh1 | June 25, 2009 12:30 PM | Report abuse

Adobe is one of our leading contributors for justifying our security product, which would not be installed by patching Shockwave. However, you may try it for free over here:

or here, where editors rated it 5 out of 5:

Posted by: eiverson1 | June 25, 2009 2:46 PM | Report abuse

That's just absurd to add in that symantec product download with the security patch.

I suppose the one bright spot is the opportunity for the user to decline the Norton software installation. That is very gracious of them. Yes.

Posted by: CB12 | June 25, 2009 3:17 PM | Report abuse


Adobe browser plugins also install as program files on Windows OS.

If you are using XP go to Control Panel > Add or Remove Programs and check for Adobe Shockwave Player or any instance of Shockwave. Uninstall if found.

For Vista go to Control Panel > Programs > Uninstall or change a program and look for any entries relating to Shockwave. Uninstall if found.

Posted by: Hoku1 | June 25, 2009 3:37 PM | Report abuse

I didn't get the Norton option screen when I downloaded Shockwave. Have they stopped offering it? Not that I want it, I just want to be sure I downloaded the correct program. Thanks.

Posted by: JBV1 | June 26, 2009 2:33 PM | Report abuse

@JBV -- the program also offers Google Toolbar, and offers the Symantec Scanning tool to those who already have Google Toolbar installed.


Posted by: BTKrebs | June 26, 2009 3:29 PM | Report abuse

I found the site
very helpful in uninstalling earlier versions of Flash.

Posted by: b_100666 | July 1, 2009 11:21 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company