Adobe Discovers “Critical” Security Flaw in Flash, Won’t Release Patch Until Next Week

Another critical vulnerability in Flash was announced by Adobe this week. The latest in a string of high-profile flaws afflicting its PDF and Flash formats, the news adds fuel to the fire of the company’s detractors.

Among those detractors is Apple CEO Steve Jobs, who has spewed vehemence about Adobe over the last year, claiming Flash crashed Macs, was buggy, insecure, and ate up battery life. Adobe and Apple enjoy a rather curious relationship given the fact that Apple users account for a significant portion of the sales of Adobe’s lucrative Creative Studio Suite.

While Mr. Jobs’ stance on Flash is somewhat extremist, Adobe is certainly taking its sweet time with getting patches to these critical flaws out the door.  The latest flaw, which affects Flash, Adobe PDF Reader, and Adobe Acrobat, won’t be fixed until next week.

That might be acceptable, except for the fact that malicious users, according to Adobe’s own accounting, are already actively exploiting this vulnerability in the wild.  

Hackers/spammers are distributing Excel spreadsheet documents that look innocent, but contain a harmful embedded SWF (Flash) file that exploits the flaw to gain unauthorized access to the victim’s system.  Adobe says Windows, OS X, and Linux machines alike are all affected by the flaw.

Even Microsoft has taken to trashing Flash (to be fair, Microsoft is trying to promote its own competitive offering — Silverlight).  Of the major players, only Google seems to be firmly supportive of Flash, using its support for the format as a selling point on its Android phones.

But despite its security issues, the fact is that Flash is a heavily entrenched technology that powers at least some features of most of the internet’s major websites.  

The notion that Adobe is letting widely known flaws survive in the wild for so long is troubling, but ultimately the fact that it was exploited in the first place may not be entirely its fault. In order to offer a rich content platform, you have to provide a wide interface to plug in text, graphics, video, audio, and more. Such an interface is inherently exploitable because of its breadth and its many doors.

As for the platform’s non-security limitations, it may be battery hungry, but graphics aren’t free, as any gamer who’s played on their laptop could tell you. Ultimately, graphics-intensive rich-media apps will inherently be prone to being buggy, insecure, and battery hungry.

At the end of the day, while Apple’s Steve Jobs or Microsoft trash Adobe and hold up platforms they hold share in — like proprietary implementations of HTML 5 or Microsoft Silverlight — ultimately these platforms may suffer from the same problems if they are fortunate enough to mature and grow in market share.  After all, it’s easy to spew insults at your adversaries, but it’s much harder to perpetually maintain and upgrade a widely used, ambitious international software project.
