Adobe to fix Flash Player on Patch Tuesdays
Computerworld - Adobe has changed its schedule for releasing Flash Player security updates to coincide with Microsoft's Patch Tuesday schedule.
"Microsoft and Adobe are now officially married," joked Andrew Storms, director of security operations at nCircle Security, a software vendor, in an email. "They started dating when they decided to share the MAPP program," and once Microsoft agreed to embed Flash into Internet Explorer 10, it was "inevitable" that Adobe would begin following Microsoft's patch schedule, he said.
Under MAPP, or the Microsoft Active Protections Program, Microsoft provides select security vendors with prepatch information to give them time to craft detection signatures for new exploits or malware.
In July 2010, Adobe began using MAPP to deliver vulnerability information about its own products to security firms. Microsoft issues its security updates on the second Tuesday of each month. Until now, Adobe has released Flash bug fixes at irregular intervals.
The lack of synchronization became an issue after Microsoft announced it would bake Flash Player into IE10 for Windows 8 and its tablet spin-off, Windows RT. Problems surfaced in September when Microsoft said it would not patch IE10 for at least six weeks, even though Adobe had issued updates the previous month that addressed at least one vulnerability that hackers were already exploiting.
Microsoft later recanted and issued an update to IE10. It then issued another in October, on the same day Adobe shipped its Flash fixes. Some criticized Microsoft for breaking its schedule and confusing customers.
Now, however, some security professionals are praising Adobe's change. "Concentrating updates on a single day is a benefit for any organization," said Wolfgang Kandek, CTO of security vendor Qualys, in an email. "[The new schedule] should streamline rollouts and get Flash updates [installed] more widely."
This version of this story was originally published in Computerworld's print edition. It was adapted from an article that appeared earlier on Computerworld.com.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts