back to article Shockwave shocker: Plugin includes un-patched version of Flash

Adobe's latest Shockwave Player is riddled with 18 unpatched ageing Flash vulnerabilities raising concern and befuddlement in the US Computer Emergency Response Team. The video platform used by 450 million people contained a standalone Flash player that had not been updated since January last year. Since that time a host of …


This topic is closed for new posts.
  1. Pete Spicer

    I haven't seen anything in Shockwave in probably a decade - while in that time I've still seen a bunch of Flash and slightly less so for Java applets (mostly ones that I've been helping rewrite to be not applets!)

    I honestly thought Shockwave was a dead thing... what can you do in Shockwave that you can't in Flash?

    1. Christian Berger

      Computing is full of legacy stuff, and with the web it actually shows. Just like there are still many companies still running on VMS, Windows or BS2000, there are many websites in the 'dark edges' of the WWW still using Shockwave, Flash or Silverlight.

    2. Adam T

      I haven't "actively" noticed any Shockwave usage either, yet I often get a "Shockwave plug-in has crashed" report in Chrome (usually when I have way too many tabs open). So I guess it's in use still...but for what? Ads?

  2. sabroni Silver badge

    Active X could also be killed off in Internet Explorer by tampering with the Registry.

    Or, if you run 9 or over, you could turn on ActiveX filtering, disables by default but can enable on a site-by-site basis.

  3. Simulacra75

    Updating Adobe Shockwave, or Flash for that matter - nightmare

    We have ConfigMgr 2012 in our company and have SCUP integrated with it. The theory being that you can import Adobe updates and deploy them like a security patch. Only a theory though, in my experience. Have never successfully deployed an Adobe Flash patch. Constant errors when doing so. I don't seem to be alone in this either. Adobe need a good kick in the arse, IMO.

  4. chuckufarley Silver badge


    ...I wish I could (at least) be surprised by how unsurprised I am at this "news" but I have long held the opinion that anyone expecting security from Adobe products is beyond delusional. Security gets in the way of profits almost as much as functionality does. Machiavelli's "The Prince" comes to mind. Something about not needing to be virtuous, just needing to appear virtuous?

    Edit: Maybe El Reg could ask them to change the company name to Mach-Adobe?

  5. Vector


    Right left hand?

  6. Old Handle

    Shockwave still exists? Huh. I was under the impression it had essentially been rolled into flash. Why make to plug-ins that do almost the same thing?

    1. Havin_it

      There's a lot of confusion on this subject. In fact the reverse of what you say is nearer to the truth: Flash was (somewhat) rolled into Shockwave.

      Bit of history: Shockwave was Macromedia's own baby, and debuted while Flash was quietly kicking around as another company's plugin, then known as "FutureSplash". About a year later, Macromedia bought that and rebranded it as "Shockwave Flash" to put it under the same brand as their existing product (perhaps a full merge of the products was planned back then, but it never happened for whatever reason; probably too much work). That's why Flash files have the .SWF extension.

      Back then, the two products' use-cases hardly overlapped at all. Flash was simply an efficient (yes really!) way of bringing fancy animations and swanky UI "hotness" to the web. It wasn't much used as a platform for video because, well, nobody had the bandwidth to do much video-watching online.

      Shockwave, by comparison, was a veritable Swiss Army knife of multimedia tools for both the web and other (often embedded/kiosk) platforms (it could create standalone executables, which came a bit later for Flash). Its big strengths were hardware-accelerated 3D animation (Flash still doesn't have this, and it was the massive new hotness at the time: lots of browser-based games and wanky corporate "walkthrough" features), embeddability of lots of contemporary media formats either in the box or via third-party plugins to the authoring app (Director), a well-thought-out GUI builder and powerful but accessible scripting language making it quite easy to pick up and use.

      Back then you'd also see a lot of software installer CDs or multimedia CD-ROMs that used it: the Director icon on the "autorun.exe" file was a pretty common sight.

      I doubt Director/Shockwave have had much love from Adobe over recent years, but I bet that they remain the go-to for a lot of embedded/kiosk GUI devs. It's been a long time since I saw anyone using it on the web though.

  7. John Tserkezis

    Where's this mythical HTML5 that was supposed to replace flash?

    Does it even exist? It seems every other website STILL complains of "you need yet another updated version of flash".

    1. Ken Hagan Gold badge

      Re: HTML5

      It exists, but don't hold your breath. As long as a substantial minority of your users are running prehistoric versions of IE there is a dis-incentive to create new web-sites that depend on HTML5, and of course there are always reasons not to re-implement an existing site that "still works".

      I expect genuinely new sites to be planning to use HTML5 now, since (despite Microsoft's U-turn this week) it is clear that it is only a matter of time before the number of unpatched and well-known holes in IE8 start having a Darwinian effect. (I'm sure careful people will manage to keep XP systems running for years behind corporate firewalls, but I'm equally sure they won't be allowing IE8 onto the public web.)

      I don't expect any existing site to switch over to HTML5 sooner than their normal maintenance cycle would demand. For some, perhaps many, sites there is no such maintenance and these will carry on using Flash until their owners go bust (because no-one visits them anymore) and stop paying the hosting bills.

  8. Anonymous Coward
    Anonymous Coward

    What, then... the (Firefox) "Shockwave Flash" plugin (as opposed to "Shockwave for Director") ?

    Shockwave? Flash? Both?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2021