Adobe patches Flash security issues with upgrade to player

News by Dan Raywood

Adobe has issued a new version of its Flash Player to address critical security issues.

Adobe has issued a new version of its Flash Player to address critical security issues.

Wendy Poland, security response program manager at Adobe Systems, confirmed that a security bulletin had been posted to address critical security issues in Adobe Flash Player.

Poland said: “This security bulletin affects Flash Player versions and earlier, as well as AIR versions and earlier. Adobe recommends users apply the updates for their product installations.”

Andrew Storms, director of security at nCircle, said: “Adobe's Flash update today contains a staggering 32 bug fixes, eerily reminiscent of Apple's massive update. It's been a busy couple of weeks for overworked security teams everywhere. It sure looks like Adobe is the new Microsoft – the place where security researchers love to find new bugs.

“It's pretty clear that Adobe has had the zero-day bug that got a lot of attention last week for a while. It might look like Adobe made heroic efforts to fix this bug in short order, but it's much more likely they have been working on the fix for a while and just finished the packaging and QA process.

Tavis Ormandy, who is in the spotlight today for short circuiting the responsible disclosure process with a Microsoft XP zero-day, is responsible for finding nine of the bugs in this patch. It's interesting to note that he chose to report these bugs to Adobe and not go public before they fixed them. This discrepancy in behaviour is sure to add to the on-going speculation about his motives with the Microsoft disclosure.”

The patch was delivered as a full upgrade to Flash Player version 10.1 for Windows, Mac and Linux operating systems. The beta release is currently available in the Android market.

Paul Betlem, senior director of Flash Player engineering at Adobe, said that with Flash Player 10.1, it has aligned its development efforts to create a single runtime that works across desktops and devices. Developments have also been made in memory optimisation and in conserving resources, reducing power usage and extending battery life.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews