Adobe Shockwave Player Patch Coming Oct. 28

Adobe is prepping a patch for a security bug in Shockwave Player that is now under attack.

Adobe Systems is planning to patch a critical vulnerability Oct. 28 in response to the appearance of attacks.

Adobe originally issued an advisory on the bug Oct. 21. The vulnerability exists in Shockwave Player 11.5.8.612 and earlier, and affects both Windows and Macintosh computers.

Attackers can exploit the issue to cause a crash and allow an attacker to take control of a vulnerable system, Adobe warned. Though Adobe initially said it had not seen any attacks, an updated advisory released Oct. 27 reports that the vulnerability is now being targeted.

According to Secunia, the vulnerability is caused by "an array-indexing error in the handling of a certain record value in a 'rcsL' chunk and can be exploited to use an arbitrary dword in memory as a function pointer via a specially crafted Director file."

Secunia advised Shockwave Player users to avoid untrusted Websites, while Adobe recommended that users ensure that their machines are fully patched.