Adobe claims to have known of Flash issue prior to CanSecWest '08, patch is on the way

Summary:In a comment in a talkback on the original issue discovered in Adobe Flash that led to the compromise of the Vista machine at the Pwn2Own contest, an Adobe representitive, Erick Lee, Manager of Adobe Secure Software Engineering Team (ASSET), claimed that Adobe knew of the flaw and has a patch on the way. This announcement acknowledges that Adobe knew of the risk, accepted it as their own, and was working on fixing it.

In a comment in a talkback on the original issue discovered in Adobe Flash that led to the compromise of the Vista machine at the Pwn2Own contest, an Adobe representitive, Erick Lee, Manager of Adobe Secure Software Engineering Team (ASSET), claimed that Adobe knew of the flaw and has a patch on the way. 

This announcement acknowledges that Adobe knew of the risk, accepted it as their own, and was working on fixing it.  Kudos to Adobe for having been on the ball getting this going and into a patch.  An excerpt from their blog addresses this:

On Friday March 28, 2008 during the CanSecWest 2008 security conference Shane Macaulay of Security Objectives uncovered a potential security issue with Flash Player. Adobe Product Incident Response Team (PSIRT) received information regarding the exploit from TippingPoint, who sponsored the contest, on Friday evening. After some internal investigation, we found that via our ongoing response and security testing process we were aware of the issue and had fixed it for our security update coming in the next Flash Player update later this month.

What should I do as a customer?

We have fixed the issue and it will be in our next update coming later this month. Adobe is not aware of any active exploits in wild. The security researchers have reported the information to us responsibly giving the Flash Player team time to investigate and deliver a patch to you. We will provide more information as it becomes available.

*This posting is provided "AS IS" with no warranties, and confers no rights.*

Topics: Enterprise Software, CXO, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.