Adobe has issued a patch bundle that fixes five critical flaws in its Shockwave player.
The company is urging the millions of Shockware users to upgrade immediately, although it has not said if any exploits have been spotted in the wild. Four of the five flaws, all of which can allow remote code execution, were discovered by researchers at vulnerability research company VUPEN Security.
“These issues, reported to Adobe a few weeks ago, are caused due to memory corruption and invalid pointer and index errors when processing malformed Shockwave content, and could be exploited to remotely compromise a vulnerable system when a user visits a specially crafted web page e.g. using IE or Firefox,” the company said.
The fifth flaw is a boundary condition issue that could lead to a Denial of Service (DoS) issue with the software.
Adobe has pledged to bring down the amount of time in which it patches flaws from months to weeks.