Adobe

Adobe on Wednesday patched six vulnerabilities in Flash Player, including one it admitted is already being exploited by attackers. That vulnerability, identified as CVE-2011-2444, shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.

Adobe labeled CVE-2011-2444 as a cross-site scripting (XSS) vulnerability, a class of bugs often used by identity thieves to steal usernames and passwords from vulnerable browsers. In this case, browsers were not directly targeted; rather, attackers exploited the ubiquitous Flash Player browser plug-in.

Microsoft just declared that browser plug-ins' best days are behind them, but Adobe is working hard to disprove the notion with its Flash Player.

Flash, the most widely used browser plug-in, will be barred from the new "Metro" version of Internet Explorer 10 that will ship with Windows 8, IE team leader Dean Hachamovitch announced last night during the company's Build conference. In response, Adobe pointed out that Flash will still work with the more traditional "desktop" interface--but also that the company has other plans for staying relevant.

Adobe released more than a dozen security patches that fix vulnerabilities in both Reader and Acrobat as part of the company’s regular quarterly update. Adobe also updated its list of trusted certificate authorities in the wake of the DigiNotar breach.

Just a quick heads-up that Adobe will join Microsoft in releasing major security updates during Patch Tuesday next week (September 13, 2011).

Adobe plans to release “critical” patches to cover code execution vulnerabilities in its flagship Reader X software (Windows and Mac OS X). The company is also planning to ship updates for Adobe Acrobat X (10.1) and earlier versions for Windows and Mac to resolve critical security issues.

With the increased awareness about cybersecurity -- driven in part by the recent avalanche of high-profile hacks, break-ins, and take-downs -- it's more important than ever for vendors to keep their software patched and secure. In some cases that can be a Sisyphean task, as hackers and other bad actors are constantly trying to find vulnerabilities in existing software platforms.

Adobe last week acknowledged that as many as 80 bugs in Flash Player were reported by a Google security engineer, as it continued to defend its decision not to spell out details of the vulnerabilities.

Google also cited the same number, apparently putting to rest the spat between the engineer, Tavis Ormandy, and Adobe. In a pair of blog posts, Adobe and Google spelled out how the number "400" that Ormandy had cited ended up being cut by 80%.

In recent years, Adobe applications including Adobe Reader and Flash Player have been aggressively attacked by those looking to exploit PC users. In response, Adobe has issued a long list of patches as zero-day exploits emerge. Adobe hasn't just been reactive to the threats, however, they've also taken steps to secure their code to make their applications safer and less of a target for attackers.

Adobe patched 13 critical bugs in its nearly-ubiquitous Flash Player on Tuesday, but came under quick criticism from a security engineer who works for Google, a close partner of Adobe.

Although Adobe listed a baker's dozen of bugs fixed in the patched Flash, Google employee Tavis Ormandy took to Twitter to contest that number. "Adobe patched around 400 unique vulnerabilities I had sent them in APSB11-21 as part of an ongoing security audit," Ormandy said on Twitter late Tuesday. "Not a typo."

Earlier today, Adobe made waves with a statement in a tech note outlining issues with Adobe products running on OS X Lion by claiming that Lion may have dropped support for hardware acceleration of Flash Player content.

Sony and Adobe have teamed up to offer a $200,000 prize fund for developers.

The ‘Adobe AIR App Challenge Sponsored by Sony’ has been invented to drive the creation of apps built using Adobe's authoring tools specifically for Sony's impending tablets, codenamed S1 and S2, which run Google's Android operating system.