Adobe has just released an update for 20 vulnerabilities in Shockwave Player, most of which could allow an attacker to execute malicious code. The bulletin APSB10-20 - Security update available for Shockwave Player - refers.

According to Jeremy Kirk's Macworld report and the Adobe advisory, the vulnerabilities affect both Windows and OS X versions up to version 11.5.7.609. The patched version is 11.5.8.612. Adobe categorizes this update as critical .

APSB10-17 addresses security updates available for Adobe Reader and Acrobat, and goes back to August 19th, The critical vulnerabilities it is concerned with are in Adobe Reader 9.3.3 and earlier for Windows, Macintosh and UNIX; Adobe Acrobat 9.3.3 and earlier for Windows and Macintosh; Adobe Reader 8.2.3 and earlier versions; Adobe Acrobat 8.2.3 and earlier for Windows and Macintosh. 

CVE-2010-2862 refers, and the update is rated as critical.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow