updated 11:00 am EST, Wed February 15, 2012
Fixes nine security holes that allow remote attack
Adobe has identified nine "critical" vulnerabilities in Shockwave Player 18.104.22.1683 and earlier versions for the Mac and Windows platforms that could allow attackers to run malicious code on the affected systems. The company is advising all users to update to the latest version for their system version, but only the new v22.214.171.1244 is protected from the vulnerabilities, which revolve around a memory corruption issue in Shockwave 3D assets.
Adobe's Flash and Shockwave browser plug-ins suffered numerous security issues over the course of 2011, resulting in frequent patches and updates. The latest version of Shockwave addresses a heap overflow vulnerability as well, but all nine patched vulnerabilities give attackers the ability to execute code on affected machines.
The latest version of Shockwave Player is available here. Users on OS versions too old to run the latest Shockwave are advised to disable the plug-in entirely unless and until Adobe issues a patch for older versions.