Adobe has patched a critical vulnerability in the Shockwave player that could compromise hundreds of millions of machines.

The company brags that some 450 million users run the vulnerable platform and should manually update through the Adobe website.

The memory corruption hole (CVE-2015-7649) allows attackers to compromise Windows and Mac boxes and gain remote code execution.

Adobe says Fortinet reported the hole, which is rated critical.

"This update addresses a critical vulnerability that could potentially allow an attacker to take control of the affected system," says.

Those running the latest version 12.2.0.162 and earlier will need to upgrade to 12.2.1.171.

The new bug comes after Adobe released a monthly batch of security updates and an emergency critical patch for Flash.

Those holes caused remote-code execution, information disclosure, and crashes across most browsers, platforms, and devices. ®