Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe To Patch Flash 0-Day Friday

Posted by CmdrTaco on from the flash-in-the-pan dept.

Trailrunner7 writes "Adobe is planning to patch the recently disclosed Flash Player vulnerability on Friday — just four days after it was disclosed — for users on Windows, Mac OS X and Linux. The vulnerability is being used in targeted attacks right now that use malicious Word documents. Adobe said it plans to push out the Flash Player patch for Google Chrome today, as part of the Chrome release channel, but Reader X users will have to wait till June for a fix."

6 of 113 comments (clear)

  1. Keep polishing that turd Adobe by Anonymous Coward · · Score: 3, Funny

    At least my iPad is still safe.

  2. Re:They're planning to patch a 0-day? by Riceballsan · · Score: 4, Interesting

    This may be one of the few times 0 day was actually used right. 0-day hits without warning, and it has to be patched after the fact, assuming of course there was no warnings by white hats beforehand that were ignored/covered up. That being said, as much as I hate adobe and the ridiculous amounts of security flaws that actually allow these issues to occur, Seriously who the heck would want the ability to use flash in a word document, so they can print animations? That being said, 4 days is actually decent response time. compared to say word itself that will probably have the patch for this itself in a few months.

  3. Re:Linux? by machxor · · Score: 3, Informative

    The vulnerability exists in Flash Player not Microsoft Word. A Word document is simply the package being used to distribute the payload.

  4. Article is Dup by Anonymous Coward · · Score: 5, Funny

    Doesn't Slashdot post this same article every week?

  5. Summary not quite accurate... by fahrbot-bot · · Score: 3, Informative
    The Flash Player for Windows will get patched on April 25, but the Flash Player bug in Reader X for Windows will get fixed in June because the Reader X sandbox prevents exploitation. From TFA:

    Adobe said on Wednesday night that it plans to push out the Flash Player patch for Google Chrome today, as part of the Chrome release channel. A separate patch for Adobe Acrobat X for Windows and Mac, Reader X for Mac and Reader 9.x for Windows and Mac on April 25.

    The company is planning to wait until June to release a patch for the Flash Player bug in Reader X for Windows because the sandbox in that application prevents exploitation of the vulnerability. The patch for Chrome will be available earlier than the others thanks to Adobe's relationship with Google.

    --
    It must have been something you assimilated. . . .
  6. Re:They're planning to patch a 0-day? by _0xd0ad · · Score: 3, Insightful

    It was a zero-day vulnerability. The fact that it's no longer a zero-day vulnerability isn't nearly as important as the fact that it was one, since the very fact that we're discussing it means that it's no longer unknown.

    If you want to be that pedantic, you might as well just throw out the term altogether, because as soon as you find out that a 0-day exists, it ceases to exist.