Adobe questioned over critical patch update for Flash Player

News by Dan Raywood

Adobe has rushed a patch to cover a potential vulnerability in its Flash Player.

It claimed that a specially crafted SWF file could result in a buffer overflow that could allow an attacker to execute arbitrary code on the unpatched system. This could lead to a denial of service attack, mitigate clickjacking issues and cause a potential privilege escalation issue.


The affected versions are Flash Player and earlier versions. Adobe rated it as 'critical' and recommended users update their players to the newest version or apply the patch.

Sam Masiello, vice president of information security at MX Logic, said: “It was not clear from the advisory as to whether or not there is code in the wild currently exploiting any of these vulnerabilities, although I could not find any other announcements that would lead me to believe that exploit code exists.


“I believe that this begs the question as to why a Flash Player update is being released in advance of any malicious code when verified exploit code is already in the wild for Acrobat and Acrobat Reader? I am all for releasing patches proactively, but I would like to see an explanation from Adobe as well as to why we still have to wait two weeks for the Acrobat [Reader] updates. I don't quite understand the prioritisation here.”

