Adobe apologises for 16-month-old bug
By Stuart Turton
Posted on 9 Feb 2010 at 11:40
Adobe has apologised for allowing a serious bug in Flash Player to "slip through the cracks" for 16 months.
The bug was first reported by security researcher Matthew Dempsky back in September 2008, and causes Internet Explorer 6 and 7, Firefox and Safari 3 to crash when exploited.
Although Adobe replicated the crash in the labs, Emmy Huang, its product manager for Flash, admitted that because Flash Player 10 was set to launch the month after the report, the company delayed a fix until Flash Player 10.1 - not due for final release until later this year.
"The mistake we made was marking this bug for 'next' release, which is the soon to be released Flash Player 10.1, instead of marking it for the next Flash Player 10 security dot release," Huang writes on the Adobe blog.
As a result of this error, Flash Player was updated four times without the bug being addressed. Huang claims the fix has now been applied to the Flash Player 10.1 beta currently available.
However, failing to address the bug in a timely manner wasn't Adobe's only failing, Huang admits. "We should have kept in contact with the submitter and to let him know the progress, sorry we did not do that. Having that line of communication open would have allowed him to let us know directly that it was still an issue.
"I intend to follow up with the product manager (or Adobe rep) who worked on this issue to make sure it doesn't happen again. It slipped through the cracks, and it is not something we take lightly," she concludes.
The apology will be particularly embarrassing for Adobe coming off the back of its argument with Apple. Flash is missing from Apple's recently released iPad, and reports claim Steve Jobs called the company "lazy" and pegged the majority of Mac crashes on Flash Player.
