back to article Shocker: Adobe patches critical Shockwave remote hijack hole

Adobe has patched a critical vulnerability in the Shockwave player that could compromise hundreds of millions of machines. The company brags that some 450 million users run the vulnerable platform and should manually update through the Adobe website. The memory corruption hole (CVE-2015-7649) allows attackers to compromise …

  1. This post has been deleted by its author

  2. This post has been deleted by its author

  3. Martijn Otto

    Time to pull the plug

    Nobody uses flash any more. It's only ever used for annoying adverts. Removing the flash plugin results in a faster, more enjoyable browsing experience. I can recommend it to anyone.

    1. DainB Bronze badge

      Re: Time to pull the plug

      Removing Flash just turns your laptop into mostly useless iPad.

      1. Anonymous Coward
        Anonymous Coward

        Re: Time to pull the plug

        That's a joke, right?

      2. Anonymous Coward
        Anonymous Coward

        Re: Time to pull the plug

        Top performing firm, essential software, you've only got to check their web stats ;)

    2. Anonymous Coward
      Anonymous Coward

      Re: Time to pull the plug

      Remove Flash? - I'm inclined to agree. I have it disabled unless I absolutely need to use it, but I find that occurs less and less as time goes by. Time to delete it, maybe and see if my browsing experience suffers.

  4. Captain Badmouth
    FAIL

    IE11

    Does anybody know which ars**ole decided to embed flash in IE11? OK, you can disable it but how about eradicating it?

  5. Anonymous Coward
    Anonymous Coward

    The article is about shockwave not flash.

    I can understand the confusion though. They are both Adobe products that do pretty much the same thing and have at least one serious security vulnerability per line of code.

    1. Anonymous Coward
      Anonymous Coward

      Who can tell?

      It's quite confusing.

      When I check firefox add-ons I have something called Shockwave flash (v19.0 r0). So I don't actually know if this is shockwave or flash or something else? Adobe's website is no use whatsoever, it doesn't seem to explain the difference anywhere. I did manage to find a page that checked the version of the thing I have installed and confirmed it is the latest so I suppose that will have to do.

      1. Mike Flex

        Re: Who can tell?

        "When I check firefox add-ons I have something called Shockwave flash (v19.0 r0). So I don't actually know if this is shockwave or flash or something else?"

        Confusing, isn't it?

        The Adobe Shockwave Flash product which is at v19.x.x is what's normally just called Flash. While it's buggy there's still a lot of it about, so getting rid of Flash might restrict your ability to see videos.

        In Firefox you can set Flash to 'Ask to Activate' so you can turn it on for wanted videos (and see how often you need it) whilst leaving it off for adverts. (Tools->Add-Ons->Plug-ins->Shockwave Flash, choose Ask to Activate in the Activate drop-down.) The ipad/iphone don't support Flash, which drives the growth of alternatives.

        Shockwave itself is at v12.x.x. As Psymon noted, it isn't popular now. I deleted the Shockwave plugin the last time it needed updating and I haven't missed it.

  6. 7

    Off track

    Impression gleaned from article is a patch for Shockwave plugin, not Flash. Entirely different beast.

  7. Ralph B

    I'm Worried

    > Those running the latest version 12.2.0.162 and earlier will need to upgrade to 12.2.1.171.

    I'm worried that Adobe appears to be using IPv4 address notation for their version numbers. The address space of IPv4 is simply not sufficient for the number and frequency of bugs in Flash! I think they should move to IPv6 notation as soon as possible.

    1. Anonymous Coward
      Anonymous Coward

      Re: I'm Worried

      (insert new keyboard icon here)

  8. Psymon

    Wait, who the hell still uses Shockwave?

    I was once a shockwave developer, alas it is a dead and wholly extinct, unsupported platform, now.

    Macromedia Director. Ah, those were the days. Learnt it back in '97. Of course, back then it was for Multimedia interactive CDs. Macromedia began shoe-horning web technology into it around the same time they began shoe-horning coding abilities into Flash to make it interactive.

    Of course, because Director was designed from the ground up for interactive coding in Lingo, it was a far better IDE than Flash, which is still tea party level eccentric, due to its legacy as a simple animation tool.

    Shockwave was far superior to Flash for a good while, able to produce games with richer graphics and complex coding, but its Achilles heel was the size of the plugin. It was monstrous for slow net connections back then, and never got bundled with the OS by default, so you always had to install it if you wanted to see shockwave content.

    This crimped its popularity to such an extent web developers began jumping ship to Flash, which only exacerbated the problem since users were less likely to have already installed the plugin due to it being used on fewer sites.

    The writing was on the wall for Director/shockwave, and by 2003, it was obviously a dead duck.

    You should have upgraded to a different operating system at least once since then, so the big question is who are these 450 million user who have installed an extinct plugin?

    1. Calum Morrison
      Pint

      Re: Wait, who the hell still uses Shockwave?

      I hate Adobe crap as much as most people (even making me salute Apple for their stance on Flash, FFS) but it's rare in these comments to see anything lucid and informative; your comment was both and I thank you for it. Like a few others, I was wondering what the differences between (and the reasons for) Flash and Shockwave were and you answered me perfectly. Have a vPint.

  9. Tromos

    Easier solution

    "Why not just add 'Patch Adobe' to your to-do list. Every day for the forseeable future."

    Alternatively, why not just add 'Remove Adobe' to your to-do list. Once.

  10. Anonymous Coward
    Anonymous Coward

    Adobe definitely has serious security issues

    Unfortunately so does all versions of Windoze and monthly patches are just laughable when there are at least 10,000+ unpatched security issues in every version of Windoze. Just because Microsucks or some other entity doesn't announce the daily security holes discovered in Windoze does not mean it is even remotely secure. The hackers laugh at how easy it is to hack any Windows O/S because the code is a POS.

    1. Anonymous Coward
      Anonymous Coward

      Re: Adobe definitely has serious security issues

      Hahahahah - Microsucks Windoze! I haven't laughed so much since 1997. Oops, you forgot to replace one of the Ss with a $. You da man! Let me guess, Linux rather than Apple?

  11. Mark Dowling

    Every Shockwave Player patch should be an uninstaller

    Surely it must be cheaper for Adobe to push an uninstaller, wait for complaints to come in and hand over an NDA followed by cash than to keep that development line open?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019