There’s a new version of Shockwave from Adobe. It’s now at version 220.127.116.112, updated to block multiple problems that allowed third-party code to run without the appropriate permissions.
Update at http://get.adobe.com/shockwave/
More information at Homeland Security:
Adobe Reader has a new patch, moving it to a current release of 9.4.4. This is not on their announced schedule of matching the Microsoft second-Tuesday patch release calendar. This patch requires a system reboot.
According to the Adobe release notes:
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2010-2862).
These updates further mitigate a social engineering attack that could lead to code execution (CVE-2010-1240).
These updates incorporate the Adobe Flash Player update as noted in Security Bulletin APSB10-16.
Translation into non-technobabble: Without the patch, bad guys can run their programs on your computer, including malware installers.
Apple has updated QuickTime to version 7.6.7.
It’s a security update, blocking attackers from using an error code to overflow a buffer, and so run code that would normally not be allowed while online, and to block a possible DOS (denial of service) condition.
More at Homeland Security, here.