PSIRT announces security bulletin for Shockwave and Security Advisory for Flash. You can read about them here.
In a nutshell, the Shockwave update for a MS security issue came out last week. Users are encouraged to update immediately to eliminate their risk. The Flash update for the same issue is expected on July 30. Read the PSIRT announcement for more details on how to protect from Flash vulnerability in the interim.
The security fix for Shockwave was added to a regularly scheduled bug fix which always alert Shockwave / Director developers sniffed out immediately on release last Thursday. The bug fixes in the release are listed below.
- Bounding Sphere in Physics was not accurate when using a sphere proxy.
- (Bug Id: 2319573) Font Style not working properly
- GetPref() will also read Shockwave 10 preferences if the information is not available in Shockwave 11/11.5 preference.
- Memory leak in Physics for 6DOF joints(reported by Lutz).