Adobe Patches 34 More Bugs In Flash

The August patch haul is a marginal improvement over the 36 security vulnerabilities that Adobe patched in the July patch update, though the firm did have to patch an additional two zero-day flaws days after that update was released to deal with issues identified in the recent Hacking Team breach.

As opposed to the two issues fixed after the Hacking Team breach, which were being actively exploited, Adobe has stated that it is not aware of any exploits in the wild for any of the 34 issues addressed in the August update.

Project Zero

In July, the primary source of bug reporting to Adobe for Flash came by way of Google’s Project Zero initiative, which responsibly disclosed 20 vulnerabilities. For the August patch haul, Adobe credits Google Project Zero researchers for reporting 23 bugs.

Google has also been working with Adobe to prevent future exploits via a number of security mitigations that Adobe has already implemented.

“For Flash Player, we put the vector mitigation technologies into the last update,” Adobe spokesperson Wiebke Lips told eWEEK. “So those mitigations should help significantly.”

While Adobe is patching Flash today, it isn’t patching its Adobe Reader PDF application. That’s despite the fact that at the DefCon security conference in Las Vegas on Aug. 9, Brian Gorenc, manager of vulnerability research at HP’s Zero Day Initiative (ZDI), discussed multiple sets of vulnerabilities in Adobe Reader, including a set of CVEs related to JavaScript APIs in Reader.

Gorenc noted that Adobe has patched many of the issues that it has submitted so far. ZDI has submitted approximately 100 vulnerabilities to Adobe for Reader in 2015, according to Gorenc.

Adobe patches Reader on a quarterly basis, while HP has a responsible disclosure policy that gives vendors up to four months to patch a vulnerability before HP publicly discloses any issue. Given the highly efficient nature of Adobe’s security organization, it’s very likely that all of the issues that HP has found will be patched inside of the four-month timeline.

Originally published on eWeek.

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

OpenAI In Talks With California Over For-Profit Shift

OpenAI reportedly begins early talks with California attorney general over complex transition from nonprofit to…

2 hours ago

EU To Assess Apple’s iPad Compliance Plans

European Commission says it will review Apple's iPad compliance with DMA rules as it seeks…

2 hours ago

James Dyson Says ‘Spiteful’ Budget Will Kill Start-Ups

James Dyson delivers most high-profile criticism so far of Labour's first Budget that raises £40bn…

3 hours ago

Nvidia, Meta Ask Supreme Court To Axe Investor Lawsuits

Nvidia, Meta bring cases before US Supreme Court this month seeking tighter limits on investors'…

3 hours ago

Nvidia To Replace Intel On Dow Jones Industrial Average

Nvidia to replace Intel this week on Dow Jones Industrial Average after years of turmoil…

4 hours ago

Toyota-Backed Joby Flies ‘Air Taxi’ In Japan

Joby Aviation and Toyota Motor complete demonstration flight in Shizuoka as companies prepare to bring…

4 hours ago