Tuesday, February 09, 2010

Another reliable and most sincere company: Adobe

Adobe has acknowledged that an internal screw-up caused a potentially dangerous and serious Flash Player flaw to remain unpatched for more than 16 months after it was first reported by an external security researcher.

“It slipped through the cracks,” said Emmy Huang, a product manager for Flash Player. Adobe’s mea-culpa follows the public release of proof-of-concept code demonstrating a Flash Player browser plug-in crash.

Matthew Dempsey, the researcher who found and reported the flaw in September 2008, explains the issue:

If a Flash 9 SWF loads the same URL twice with the first returning a Flash 7 SWF and the second time returning a Flash 8 SWF (or vice-versa), the Adobe Flash Player plug-in will attempt to dereference a null pointer, crashing the browser.

Dempsey’s code, which completely crashes the browser, was tested with Safari 3.1.2 and Firefox 3.0.1 with Adobe’s Flash Player plug-in 9.0.115.0, 9.0.124.0, and 10.0.12.10 on OS X 10.5.4 and 10.5.5.

Adobe’s policy is that software crashes are serious “A” priority bugs.

“If a crash occurs, it is by definition a bug, and one that Adobe takes very seriously. When they happen, it can be the result of something going on purely within Flash Player, something in the browser, or even at the OS level,” according to Adobe’s Huang.

Huang said the issue was fixed in Flash Player 10.1 beta but was erroneously tagged to be fixed in the “next” release which meant that four different Flash Player 9 patches were released without this fix.

Here’s the apology:

So what happened here? We picked up the bug as a crasher when it was filed on September 22, 2008, and were able to reproduce it. Remember that Flash Player 10 shipped in October 2008, so when this bug was reported we were pretty much locked and loaded for launch. The mistake we made was marking this bug for “next” release, which is the soon to be released Flash Player 10.1, instead of marking it for the next Flash Player 10 security dot release. We should have kept in contact with the submitter and to let him know the progress, sorry we did not do that. Having that line of communication open would have allowed him to let us know directly that it was still an issue. I intend to follow up with the product manager (or Adobe rep) who worked on this issue to make sure it doesn’t happen again. It slipped through the cracks, and it is not something we take lightly.

Adobe’s Flash Player is among the most commonly exploited applications on Windows machines.

Read the original article here.

Not for nothing, but just a few days ago, over at Adobe they were swearing that Flash is terrific and wonderful and that they do NOT let their products go to market with problems (bugs). So which is it? Is Flash crap or isn't it? Do Adobe's products have bugs or not?

What do you say, Baaaa?

Look, whatever you say, there is only one truth. Flash is damnable, ESPECIALLY since it was bought by Adobe, and OF COURSE the products of Adobe and of ALL companies have bugs. Christ and the Virgin Mary, honestly.

And OF COURSE Steve Jobs was right when he said that they have become lazy over at Adobe. And he put it mildly!

NOTE:
All of the above, lest we forget, also applies to Flash on Windows. Not only to Mac and Linux, about which you hear various bullshit along the lines that it is the fault of Apple and Linux that the damn Adobe cannot make a proper version of Flash.