Adobe acknowledges the 80 Flash Player bugs found by Google
Posted on 16 August 2011.
Following Adobe's latest release of patches for a number of its products, a discussion was started by Google researcher Tavis Ormandy who claimed that he himself has notified the company of some 400 holes he found in its Flash Player, but that Adobe has failed to give credit where credit is due.

In fact, Adobe has listed only 13 holes in Flash Player in the recent release, and failed to document others.

The discussion continued as some of Google's researchers (including Ormandy) revealed that the bugs in questions were found by fuzzing.

"The initial run of the ongoing effort resulted in about 400 unique crash signatures, which were logged as 106 individual security bugs following Adobe's initial triage. As these bugs were resolved, many were identified as duplicates that weren't caught during the initial triage," they explained.

"No analysis was performed to determine how many of the identified crashes were actually exploitable. However, each crash was treated as though it were potentially exploitable and addressed by Adobe. In the final analysis, the Flash Player update Adobe shipped earlier this week contained about 80 code changes to fix these bugs."

After an initial silence on the matter, Adobe decided to offer an explanation. According to Computerworld, the company admitted that Ormandy had reported some 80 bugs in Flash Player, but defended their decision of not list all the vulnerabilities in the released security bulletins by saying that it usually doesn't reveal or mention vulnerabilities found internally - by them or their partners.

Also, the question is whether all those 80 flaws would lead to an exploitable hole. As far as Adobe is concerned, only holes get a CVE number.






Spotlight

Fake "Online Ebola Alert Tool" delivers Trojan

Posted on 29 October 2014.  |  Cyber scammers continue to take advantage of the fear and apprehension surrounding the proliferation of the Ebola virus.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //