Adobe Patches 34 More Bugs In Flash

The August patch haul is a marginal improvement over the 36 security vulnerabilities that Adobe patched in the July patch update, though the firm did have to patch an additional two zero-day flaws days after that update was released to deal with issues identified in the recent Hacking Team breach.

As opposed to the two issues fixed after the Hacking Team breach, which were being actively exploited, Adobe has stated that it is not aware of any exploits in the wild for any of the 34 issues addressed in the August update.

Project Zero

In July, the primary source of bug reporting to Adobe for Flash came by way of Google’s Project Zero initiative, which responsibly disclosed 20 vulnerabilities. For the August patch haul, Adobe credits Google Project Zero researchers for reporting 23 bugs.

Google has also been working with Adobe to prevent future exploits via a number of security mitigations that Adobe has already implemented.

“For Flash Player, we put the vector mitigation technologies into the last update,” Adobe spokesperson Wiebke Lips told eWEEK. “So those mitigations should help significantly.”

While Adobe is patching Flash today, it isn’t patching its Adobe Reader PDF application. That’s despite the fact that at the DefCon security conference in Las Vegas on Aug. 9, Brian Gorenc, manager of vulnerability research at HP’s Zero Day Initiative (ZDI), discussed multiple sets of vulnerabilities in Adobe Reader, including a set of CVEs related to JavaScript APIs in Reader.

Gorenc noted that Adobe has patched many of the issues that it has submitted so far. ZDI has submitted approximately 100 vulnerabilities to Adobe for Reader in 2015, according to Gorenc.

Adobe patches Reader on a quarterly basis, while HP has a responsible disclosure policy that gives vendors up to four months to patch a vulnerability before HP publicly discloses any issue. Given the highly efficient nature of Adobe’s security organization, it’s very likely that all of the issues that HP has found will be patched inside of the four-month timeline.

Originally published on eWeek.

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

20 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

21 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

22 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago