Adobe Patches 34 More Bugs In Flash

The August patch haul is a marginal improvement over the 36 security vulnerabilities that Adobe patched in the July patch update, though the firm did have to patch an additional two zero-day flaws days after that update was released to deal with issues identified in the recent Hacking Team breach.

As opposed to the two issues fixed after the Hacking Team breach, which were being actively exploited, Adobe has stated that it is not aware of any exploits in the wild for any of the 34 issues addressed in the August update.

Project Zero

In July, the primary source of bug reporting to Adobe for Flash came by way of Google’s Project Zero initiative, which responsibly disclosed 20 vulnerabilities. For the August patch haul, Adobe credits Google Project Zero researchers for reporting 23 bugs.

Google has also been working with Adobe to prevent future exploits via a number of security mitigations that Adobe has already implemented.

“For Flash Player, we put the vector mitigation technologies into the last update,” Adobe spokesperson Wiebke Lips told eWEEK. “So those mitigations should help significantly.”

While Adobe is patching Flash today, it isn’t patching its Adobe Reader PDF application. That’s despite the fact that at the DefCon security conference in Las Vegas on Aug. 9, Brian Gorenc, manager of vulnerability research at HP’s Zero Day Initiative (ZDI), discussed multiple sets of vulnerabilities in Adobe Reader, including a set of CVEs related to JavaScript APIs in Reader.

Gorenc noted that Adobe has patched many of the issues that it has submitted so far. ZDI has submitted approximately 100 vulnerabilities to Adobe for Reader in 2015, according to Gorenc.

Adobe patches Reader on a quarterly basis, while HP has a responsible disclosure policy that gives vendors up to four months to patch a vulnerability before HP publicly discloses any issue. Given the highly efficient nature of Adobe’s security organization, it’s very likely that all of the issues that HP has found will be patched inside of the four-month timeline.

Originally published on eWeek.

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

9 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

11 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

13 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

14 hours ago