According to PCWorld.com, Adobe is fixing five vulnerabilities in its Shockwave Player.
Classified as "critical," the update affects version 220.127.116.111 and earlier versions. Four of the bugs could allow remote code execution, while the fifth one could lead to a denial-of-service condition.
As The H Security notes, the flaws were discovered by French company VUPEN Security, which found that for an attack to be successful, a victim must first visit a specially crafted site.
You can download version 18.104.22.1682 here.