In the "what else can go wrong today" category, Adobe released a patch for a critical security vulnerability in Flash player. This update resolves a buffer overflow issue that could potentially allow an attacker to execute arbitrary code. (CVE-2009-0520).
You are recommended to install this patch ASAP. The Flash player automatic checker only activates once in 30 days.
Additionally, there is an iDefense report on this issue. What interested me was the Disclosure Timeline:
08/25/2008 - Initial Contact
09/22/2008 - PoC Requested
11/05/2008 - PoC Sent
11/06/2008 - Clarification requested
12/05/2008 - Clarification Sent
12/07/2008 - Additional Clarification Sent
02/19/2009 - Draft bulletin received
02/24/2009 - Coordinated Public Disclosure
(Photo under creative commons from d ha rm e sh's photostream)
Tuesday
Adobe released patch for critical security flaw in Flash Player
Subscribe to:
Post Comments (Atom)
Security4all Blog
Twitter
Slideshare
Facebook
Digg
Flickr
1 comments:
This is just way out of line for adobe. 6 months for a patch? Large companies that pull this should be fined massive amounts of cash
Post a Comment