Security & Privacy

Does anyone still use Shockwave? It seems that Flash has taken over from this component, but, nevertheless, like other Adobe plug-ins, it has its share of security issues, and it has no way of checking for updates (at least on Mac OS X it doesn’t). Adobe has issued a security alert covering five bugs in Shockwave. These include:

Critical vulnerabilities have been identified in Adobe Shockwave Player 11.5.1.601 and earlier versions. The vulnerabilities could allow an attacker, who successfully exploits the vulnerabilities, to run malicious code on the affected system.

You can download the latest version of Shockwave here. You should update this just in case; even if it’s not used as much as it was in the past, all you need to do is stumble on a booby-trapped web page for the vulnerabilities to be exploited.

However, you’ll find that Shockwave doesn’t work in Snow Leopard; at least not without a bit of cajoling. It will only work if you set Safari to open in 32-bit mode. (Adobe describes the problem and solution here.) Now if you really need Shockwave, then you might want to do this, but otherwise you can probably just leave Safari as it is and wait and see if you come across a web page that requires the plug-in. We haven’t seen any since Snow Leopard was released (and didn’t even know that Shockwave didn’t work until today). But your browsing may vary.