Adobe has released updates to its Shockwave Player software to address multiple vulnerabilities. Instances that are not updated are susceptible to an attacker, who could successfully exploit these vulnerabilities or run malicious code on the affected system.
The IT Security Office advises applying the updates. Prior to updating, ensure that you in fact run Shockwave Player by clicking this link: http://www.adobe.com/shockwave/welcome. If you see an animation, you are running the software and need to update it. If you do not see the animation, or are prompted to download the application, you do not use the software and there is no need to update it.
Adobe Shockwave Player 126.96.36.1997 and earlier versions for Windows and Macintosh
Security Bulletin Names:
APSB12-23 - Security update available for Adobe Shockwave Player
October 23, 2012
If you have any questions, please contact the IT Service Center at 303-735-4357 (or 5-HELP from an on-campus phone) or firstname.lastname@example.org. Email and phone help is available Mondays through Thursdays, 7:00 a.m. to 10:00 p.m.; Fridays 7:00 a.m. to 7:00 p.m.; and Saturdays and Sundays, noon to 6:00 p.m.
OIT has defined the following categories to describe the severity of security risks:
URGENT severity represents a broad threat to the entire campus community.
SEVERE severity included remote exploits and worms.
IMPORTANT severity includes virus and local exploits for commonly used services.