Adobe apologises for 16-month-old bug
By Stuart Turton
Posted on 9 Feb 2010 at 11:40
Adobe has apologised for allowing a serious bug in Flash Player to "slip through the cracks" for 16 months.
The bug was first reported by security researcher Matthew Dempsky back in September 2008, and causes Internet Explorer 6 and 7, Firefox and Safari 3 to crash when exploited.
Although Adobe replicated the crash in the labs, Emmy Huang, product manager for Flash, admitted that because Flash Player 10 was set to launch the month after the report, the company delayed a fix until Flash Player 10.1 - not due for final release until later this year.
"The mistake we made was marking this bug for 'next' release, which is the soon to be released Flash Player 10.1, instead of marking it for the next Flash Player 10 security dot release," Huang writes on the Adobe blog.
As a result of this error, Flash Player was updated four times without the bug being addressed. Huang claims the fix has now been applied to the Flash Player 10.1 beta currently available.
However, failing to address the bug in a timely manner wasn't Adobe's only failing, Huang admits. "We should have kept in contact with the submitter and to let him know the progress, sorry we did not do that. Having that line of communication open would have allowed him to let us know directly that it was still an issue.
"I intend to follow up with the product manager (or Adobe rep) who worked on this issue to make sure it doesn't happen again. It slipped through the cracks, and it is not something we take lightly," she concludes.
The apology will be particularly embarrassing for Adobe coming off the back of its argument with Apple. Flash is missing from Apple's recently released iPad, and reports claim Steve Jobs called the company "lazy" and pegged the majority of Mac crashes on Flash Player.
Printed from www.pcpro.co.uk