Adobe to fix Flash Player on Patch Tuesdays
Computerworld - Adobe has changed its schedule for releasing Flash Player security updates to coincide with Microsoft's Patch Tuesday schedule.
"Microsoft and Adobe are now officially married," joked Andrew Storms, director of security operations at nCircle Security, a software vendor, in an email. "They started dating when they decided to share the MAPP program," and once Microsoft agreed to embed Flash into Internet Explorer 10, it was "inevitable" that Adobe would begin following Microsoft's patch schedule, he said.
Under MAPP, or the Microsoft Active Protections Program, Microsoft provides select security vendors with prepatch information to give them time to craft detection signatures for new exploits or malware.
In July 2010, Adobe began using MAPP to deliver vulnerability information about its own products to security firms. Microsoft issues its security updates on the second Tuesday of each month. Until now, Adobe has released Flash bug fixes at irregular intervals.
The lack of synchronization became an issue after Microsoft announced it would bake Flash Player into IE10 for Windows 8 and its tablet spin-off, Windows RT. Problems surfaced in September when Microsoft said it would not patch IE10 for at least six weeks, even though Adobe had issued updates the previous month that addressed at least one vulnerability that hackers were already exploiting.
Microsoft later recanted and issued an update to IE10. It then issued another in October, on the same day Adobe shipped its Flash fixes. Some criticized Microsoft for breaking its schedule and confusing customers.
Now, however, some security professionals are praising Adobe's change. "Concentrating updates on a single day is a benefit for any organization," said Wolfgang Kandek, CTO of security vendor Qualys, in an email. "[The new schedule] should streamline rollouts and get Flash updates [installed] more widely."
This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.
Read more about Security in Computerworld's Security Topic Center.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!