If you decide to reinstall it later, be sure to keep an eye on the news and keep Shockwave updated. I would not recommend reinstalling it, even after Adobe releases an update, but I realize not everyone will do that. If you have Shockwave installed, I strongly recommend uninstalling it immediately. At this time, there are no known attacks involving Shockwave… key word there being “ known.” As a general-purpose attack vector, that makes it less desirable, though it could still be used in targeted attacks by people who know their targets have Shockwave installed. Few sites require it (I can’t recall ever encountering a site that required Shockwave), so not that many Mac users are likely to have it installed. The one saving grace here is the lack of any significant need for Shockwave. (Although conclusive reports were never released, it was believed at that time to be used to infect targeted users with the Crisis, aka Remote Control System DaVinci, malware.) The fact that Shockwave’s Flash component has not been updated during that time may possibly mean that it is also vulnerable to attack, and possibly that it is already being used for such attacks. I won’t be surprised if Apple blocks the current version of Shockwave, as they have done with vulnerable versions of Flash and Java in the past, but don’t wait for that to happen… remove Shockwave today!įlash Player has been updated numerous times since January 2013, and at one point in early 2013 was reported to be in active use in dropping Mac malware on vulnerable machines. Yesterday, Brian Krebs announced a shocking discovery: Adobe Shockwave Player includes an Adobe Flash Player component that has not received any security fixes since January 2013! This is a very serious security failure on Adobe’s part.
0 kommentar(er)
