Adobe patches two critical flaws
Shockwave and RoboHelp flaws are covered by Adobe in a busy week for patching.


Adobe has issued two patches for critical vulnerabilities affecting its Shockwave Player software and RoboHelp for Word authoring product.
Two bulletins were issued on Tuesday, one of them addressing nine security flaws most of them memory corruption vulnerabilities - in Shockwave version 11.6.3.633 and earlier versions on Windows and Mac OS.
"These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code on the affected system," Adobe said in its advisory.
These vulnerabilities could allow an attacker, who successfully exploits these vulnerabilities, to run malicious code.
There was just one vulnerability - CVE-2012-0765 in RoboHelp, affecting Windows users only.
"A specially crafted URL could be used to create a cross-site scripting attack on Web-based output generated using RoboHelp for Word," Adobe warned in a separate advisory.
"Adobe recommends users update their product installation."
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Microsoft yesterday issued its Patch Tuesday release for February, covering 21 vulnerabilities, including a critical update to Internet Explorer.
The patches came on the same day security company Secunia slammed the software industry for not doing enough to promote patching and ease the burden for IT managers.
Secunia's annual patch report found none of the top 20 software providers, including tech giants like Apple, Microsoft and Google, were able to cut the number of flaws in their products over the past five years.
"Vendors in general should improve their communication to customers and the patch distribution mechanism (for consumers that would imply auto updating)," said Thomas Kristensen, chief security officer at Secunia.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.
-
New chapter, same partners: Keeping the channel aligned with change
Industry Insights How to maintain strong channel partnerships amid evolving strategies and market change
-
Palo Alto Networks snaps up CyberArk in identity security push
News The acquisition marks the latest in a string for Palo Alto Networks
-
Scania admits leak of data after extortion attempt
News Hacker stole 34,000 files from a third-party managed website, trucking company says
-
Vulnerability management complexity is leaving enterprises at serious risk
News Fragmented data and siloed processes mean remediation is taking too long
-
Beat cyber criminals at their own game
Whitepaper A guide to winning the vulnerability race and protection your organization
-
Same cyberthreat, different story
Whitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerability
News An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
-
Three steps to transforming security operations
Whitepaper How to be more agile, effective, collaborative, and scalable
-
Should your business start a bug bounty program?
In-depth Big tech firms including Google, Apple and Microsoft offer bug bounty programs, but can they benefit smaller businesses too?
-
Accessing the XDR realm
Whitepaper A guide for MSPs to unleash modern security