Skip to main content

Adobe

Adobe patches Flash bug hackers are already exploiting

posted onSeptember 22, 2011
by l33tdawg

Adobe on Wednesday patched six vulnerabilities in Flash Player, including one it admitted is already being exploited by attackers. That vulnerability, identified as CVE-2011-2444, shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.

Adobe labeled CVE-2011-2444 as a cross-site scripting (XSS) vulnerability, a class of bugs often used by identity thieves to steal usernames and passwords from vulnerable browsers. In this case, browsers were not directly targeted; rather, attackers exploited the ubiquitous Flash Player browser plug-in.

Adobe: Flash will flourish despite Windows 8

posted onSeptember 16, 2011
by l33tdawg

Microsoft just declared that browser plug-ins' best days are behind them, but Adobe is working hard to disprove the notion with its Flash Player.

Flash, the most widely used browser plug-in, will be barred from the new "Metro" version of Internet Explorer 10 that will ship with Windows 8, IE team leader Dean Hachamovitch announced last night during the company's Build conference. In response, Adobe pointed out that Flash will still work with the more traditional "desktop" interface--but also that the company has other plans for staying relevant.

Adobe to ship critical Reader, Acrobat patches

posted onSeptember 13, 2011
by l33tdawg

Just a quick heads-up that Adobe will join Microsoft in releasing major security updates during Patch Tuesday next week (September 13, 2011).

Adobe plans to release “critical” patches to cover code execution vulnerabilities in its flagship Reader X software (Windows and Mac OS X). The company is also planning to ship updates for Adobe Acrobat X (10.1) and earlier versions for Windows and Mac to resolve critical security issues.

Adobe Fares Poorly in Kaspersky Lab Security Report

posted onAugust 17, 2011
by l33tdawg

With the increased awareness about cybersecurity -- driven in part by the recent avalanche of high-profile hacks, break-ins, and take-downs -- it's more important than ever for vendors to keep their software patched and secure. In some cases that can be a Sisyphean task, as hackers and other bad actors are constantly trying to find vulnerabilities in existing software platforms.

Adobe admits Tavis Ormandy responsible for Flash Player bug patches

posted onAugust 16, 2011
by l33tdawg

Adobe last week acknowledged that as many as 80 bugs in Flash Player were reported by a Google security engineer, as it continued to defend its decision not to spell out details of the vulnerabilities.

Google also cited the same number, apparently putting to rest the spat between the engineer, Tavis Ormandy, and Adobe. In a pair of blog posts, Adobe and Google spelled out how the number "400" that Ormandy had cited ended up being cut by 80%.

How Adobe is Improving Security

posted onAugust 14, 2011
by l33tdawg

In recent years, Adobe applications including Adobe Reader and Flash Player have been aggressively attacked by those looking to exploit PC users. In response, Adobe has issued a long list of patches as zero-day exploits emerge. Adobe hasn't just been reactive to the threats, however, they've also taken steps to secure their code to make their applications safer and less of a target for attackers.

Tavis Ormandy and Adobe squabble over Flash bug credit

posted onAugust 10, 2011
by l33tdawg
Credit:

Adobe patched 13 critical bugs in its nearly-ubiquitous Flash Player on Tuesday, but came under quick criticism from a security engineer who works for Google, a close partner of Adobe.

Although Adobe listed a baker's dozen of bugs fixed in the patched Flash, Google employee Tavis Ormandy took to Twitter to contest that number. "Adobe patched around 400 unique vulnerabilities I had sent them in APSB11-21 as part of an ongoing security audit," Ormandy said on Twitter late Tuesday. "Not a typo."