More
    Security

    What’s Going on at Adobe?

    By Sue Poremba

    On Tuesday, I got an email with this message from Qualys CTO Wolfgang Kandek’s blog post:

    “Today Adobe released the APSB12-19 bulletin for Adobe Flash and Adobe AIR. It addresses six flaws in the Adobe Flash Player for Windows, Mac OS X and Linux operating systems. Five of the flaws are categorized as critical and can lead to remote code execution on the attacked machine.”

    And I thought, hold on a second. Didn’t Adobe just have a “Patch Tuesday” the week before? The new Adobe patch jumped out at me because it coincided with Microsoft’s Patch Tuesday, which doesn’t usually happen. Sure enough, Kandek’s post confirmed that I wasn’t imagining things, even stating that IT administrators would likely be surprised to see Adobe updates in consecutive weeks. (I know I was, and I’m not even an IT administrator.) Adobe isn’t especially known for its frequent patches, although they do seem a little more frequent than they used to be.

    So what’s going on? Simply, it appears that the original update didn’t fix everything.

    The first patch was to address vulnerable machines where Flash was particularly targeted. The focus was Flash on Internet Explorer, according to Kaspersky’s Threat Post. Reader and Acrobat were also fixed in that patch. However, as described by ZDNet:

    “But this patch is no longer effective against yet another set of vulnerabilities that affect all versions of Flash Player, including Android 4.x, 3.x and 2.x. Like the previous vulnerability, these could allow attackers to crash and take control of the targeted computer or device and has earned Adobe’s highest severity rating of critical, leading Adobe to release a new patch only a week after the last.”

    Why not fix everything at once? Kandek speculated that the initial patch was an emergency patch to fix a problem out in the wild. This may be the case. It’s not always easy to figure out Adobe’s line of thinking when it comes to patches. One of the patches could have been an emergency patch. Or maybe the vulnerabilities were bigger than anticipated and the second patch was to fix what didn’t work the first time around.

    In any case, the two patches so close together were unusual and would signal something serious. Adobe updates are the type where it is really easy to click the “install later” button. It might be a good idea to make sure the company computers are installed with both updates – installing later could cause big problems.

    Previous article
    Shaking Up the Storage Oligarchy
    Next article
    Five Ways to Sell Management on Security
    Sue Poremba
    Sue Poremba
    Sue Poremba is freelance writer based on Central PA. She's been writing about cybersecurity and technology trends since 2008.

    Get the Free Newsletter!

    Subscribe to Daily Tech Insider for top news, trends, and analysis.

    Latest Articles

    The go-to resource for IT professionals from all corners of the tech world looking for cutting edge technology solutions that solve their unique business challenges. We aim to help these professionals grow their knowledge base and authority in their field with the top news and trends in the technology space.

    Advertisers

    Advertise with TechnologyAdvice on IT Business Edge and our other IT-focused platforms.

    Advertise with Us

    Menu

    Our Brands

    Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.