Shockwave uses vulnerable Flash

Discussion in 'other security issues & news' started by ronjor, Dec 19, 2012.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  3. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    Adobe should know better than this. Then again, as the alert says, Shockwave has very few needed uses anymore (online games, mostly from Shockwave itself are about all I can think of right now.) It's basically a remnant of a long gone time when one actually had a need to keep multiple video players, codecs and such around.
     
  4. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    For those that do not use Adobe Shockwave on a daily basis, you may uninstall until it is fully patched.
     
  6. BrandiCandi

    BrandiCandi Guest

    As Krebs said in his blog, Adobe was informed of the vulnerability in 2010. And Adobe announced they would patch it in 2013.

    W.O.W.
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Should probably just drop Shockwave support and kill it.
     
  8. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    To me it basically shows Adobe knows good and well hardly anyone uses it and thus they don't particularly care. Of course, whether it's worthwhile to worry about an issue facing such rarely used software or not, once these security bulletins start getting mentioned at widely read media outlets it becomes a question also of whether it's an issue you're willing to take bad PR over. Personally, I say just get on it, get it done, and it'll be forgotten 2 weeks after the fix goes out.
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    There's not really any excuse for taking this long to patch. If they had dropped support, sure. But they haven't. So even if 5 people use it they should patch.
     
  10. Mman79

    Mman79 Registered Member

    Joined:
    Sep 19, 2012
    Posts:
    2,016
    Location:
    North America
    That really depends on what the problem is, it's severity, likelihood of attack and number of users. I'm not throwing weeks of man hours at this particular problem if only say, 100 users are at risk and there isn't even an exploit in the wild. Adobe screwed up in a major way by not updating Flash with Shockwave, they know better after all the hell they've taken over Flash alone. But, really, if you're an attacker, are you going to even glance at this twice?
     
  11. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    Agreed;) If patching it is no longer a priority, they might as well declare it's death.
     
  12. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Adobe doesn't have a stellar reputation for security and patching when something breaks or when something is reported to them as being vulnerable.
     
  13. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Adobe to patch 2-year-old Shockwave vulnerability next year
    Article
     
Loading...
Thread Status:
Not open for further replies.