Last week, Adobe Systems Inc. shipped critical security updates for its PDF Reader software. Now comes an update that fixes at least two critical flaws in Adobe’s Shockwave Player, a commonly installed multimedia player.
Not sure whether you even have Shockwave Player on your system? You’re not alone. Because of a long history of rebranding between Macromedia and Adobe, the various naming conventions used for this software are extremely confusing. Here’s Adobe’s effort to draw clearer distinctions between the Flash and Shockwave multimedia players:
Both Flash and Shockwave are multimedia players. They can give you extended and predictable abilities across a range of browser brands, versions, and platforms.(Sometimes you might hear someone refer to “Shockwave Flash”, but these are actually two different multimedia players.)
Flash has a small player which gives it a wider distribution. Flash is included in every Netscape download. Flash also has a very fast startup time. The way the Flash format interleaves media and instructions also helps it start quickly.
Shockwave has a deeper player. It offers multiuser chat, XML parsing, HTML manipulation, an extensive and fast scripting language, distant file retrieval, programmatic control of vector shapes, and bitmap manipulation.
Mozilla is one of those that refers to the regular Flash Player plugin as “Shockwave Flash.” Firefox users can find this under “Tools,” “Add-ons,” and then under the “Plugins” tab. By the way, the latest, most secure version of Flash is v. 10.0.42.34, so if your version of Flash is lower than that, it’s time to update your Flash Player as well. Adobe shipped an update in December that fixed at least seven critical vulnerabilities in Flash. Instructions on how to update the Flash Player to the latest version are available here.
Here’s a way to test whether you even have Shockwave Player on your system (I don’t, and since I apparently haven’t missed it, I’m adding it to the list of programs you can probably do without unless you have a specific need for it). Visit this page. If it says you need to install a missing plugin, then you don’t have Shockwave Player installed, and you probably don’t need it.
If that link above shows that you do have Shockwave Player installed, it’s time to update it. The flaws are in Shockwave Player version 220.127.116.112 and earlier. Adobe recommends that Shockwave users actually uninstall the program (Windows users can do this via the Add/Remove Programs menu), and then reboot before attempting to install the latest, patched version (v. 18.104.22.1686), available here.
Updates are available for both Windows and Mac systems. Adobe’s advice about removing the old version of Shockwave and restarting before installing the update would appear to apply to Mac users as well. Here’s the full advisory from Adobe.