By Gregg Keizer July 29, 2009
Adobe stepped forward yesterday to acknowledge that it's the first major third-party vendor to have used Microsoft's flawed development code in its products. According to multiple security advisories posted to its site on Tuesday, the Windows versions of Adobe's Flash Player and Shockwave Player harbor vulnerabilities because Adobe used a buggy Microsoft code "library" during their development. It's no surprise that Flash Player is vulnerable to attack. Three weeks ago a pair of German researchers reported finding numerous third-party applications that contain the flawed library code, and named Flash as an example. Adobe patched Shockwave Player yesterday, and will follow that tomorrow with a previously-scheduled update for the far-more-popular Flash Player. "We evaluated the impact of the vulnerable versions of the Microsoft Active Template Library (ATL) on the Adobe product portfolio [and] determined that Flash Player and Shockwave Player are the two products that leverage vulnerable versions of ATL," said Wendy Poland, of Adobe's security team in an company blog entry.
Read more here -->Link
No comments:
Post a Comment