Adobe apologises for 16-month-old bug
By Stuart Turton
Posted on 9 Feb 2010 at 11:40
Adobe has apologised for allowing a serious bug in Flash Player to "slip through the cracks" for 16 months.
The bug was first reported by security researcher Matthew Dempsky back in September 2008, and causes Internet Explorer 6 and 7, Firefox and Safari 3 to crash when exploited.
Despite replicating the crash in the labs, Adobe's Emmy Huang, product manager for Flash, admitted that because Flash Player 10 was set to launch the month after the report, the company delayed a fix until Flash Player 10.1 - not due for final release until later this year.
"The mistake we made was marking this bug for 'next' release, which is the soon to be released Flash Player 10.1, instead of marking it for the next Flash Player 10 security dot release," Huang writes on the Adobe blog.
As a result of this error, Flash Player was updated four times without the bug being addressed. Huang claims the fix has now been applied to the Flash Player 10.1 beta currently available.
However, failing to address the bug in a timely manner wasn't Adobe's only failing, Huang admits. "We should have kept in contact with the submitter and to let him know the progress, sorry we did not do that. Having that line of communication open would have allowed him to let us know directly that it was still an issue.
"I intend to follow up with the product manager (or Adobe rep) who worked on this issue to make sure it doesn't happen again. It slipped through the cracks, and it is not something we take lightly," she concludes.
The apology will be particularly embarrassing for Adobe coming off the back of its argument with Apple. Flash is missing from Apple's recently released iPad, and reports claim Steve Jobs called the company "lazy" and pegged the majority of Mac crashes on Flash Player.
