Recipe for Removing Latest Adobe Shockwave (Win) Vulnerability

Adobe Shockwave has a critical vulnerability (APSB09-08) that doesn't update itself a la Microsoft's push updates. The instructions found hither and yon surrounding this update seemed a bit vague, so here is a simple attempt.

Although it might seem otherwise, Adobe doesn't have a standard patch push mechanism, so this recent critical vulnerability in Shockwave is probably not being fixed on your machine. It wasn't on mine.

Shockwave may not be on all machines. If it's not in your Add or Install Programs list (XP) or Programs and Features (Vista), you don't have it, and haven't needed it in your web travels.

Adobe's advice (echoed elsewhere) is to first uninstall and reboot (! - this is not obvious, as the uninstaller does not automatically recommend this for you) and then replace it with the current version. Shockwave Player and earlier versions are affected. (The version Adobe offered as of this writing was To optionally check the installed version manually -- since this is a bit of a fuss -- manually, see Properties Version tab here:

C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe

-- or your equivalent system path, as c:\windows\system32 is just a default location.

Get the new version of Shockwave here:http://get.adobe.com/shockwave/

A minor warning: When Shockwave installed for me, Adobe wanted to push a Norton scanning tool. Uncheck the box if you don't want this; it defaulted to yes.

Adobe indicated that this advisory applies to Windows only.

No comments: