Adobe promises fix for Flash vulnerability by tomorrow, Reader and Acrobat fix on June 29th
By Donald Melanson 
posted June 9th 2010 4:13PM
posted June 9th 2010 4:13PM
Well, it looks like Adobe isn't wasting much time in fixing that "critical" Flash vulnerability that could allow remote hijacking of a user's computer, but it's a slightly different story when it comes to patching Adobe Acrobat and Reader. According to Adobe, the Flash fix will be rolled out by tomorrow at the latest, but it says the fix for Reader and Acrobat won't be available until June 29th. Somewhat curiously, Adobe says it had considered rushing out a "one-off 0-day" fix for Reader and Acrobat as soon as possible, but says that would have caused too much "churn and patch management overhead on our users" considering there's already a regular quarterly update scheduled for July 13th. So, instead, Adobe has decided to push that update up to June 29th and simply include the fix for the vulnerability with it. In the meantime? Stay frosty, we guess.
I have no flash issues on my iPad.
:)
@Technologeee
Sure is empty on teh interwebz tho.. Ive noticed more little ? cubes than ever before
@Technologeee
LOL NICE ONE!
@Technologeee
well thats a shame...
@Technologeee
Haha really funny...
I'm having a good time with 2.2 on my droid... flash runs smoother than html5 any day and yes I'm rooted and running at 800 mhz :) droid does, just wait for the droid 2 ::)) the ipad kinda sucks. Hail android! (Android fanboy) :)
@theonlysmr
Thats what I thought, then I got to use it, and then the addiction kicked in.
I signed up for a FS credit card and got the iPad 10 minutes later.
You will never truly be able to criticize it, unless you get the chance to use it in your home, until you have the ability to just set it on your lap and enjoy a movie at night.
@theonlysmr
You sir could not have said ANYTHING better.
I've long said goodbye to Apple.
@Technologeee
I know man the ipad is pretty awesome but I don't have the money or really a big use for it... I'm 15 lol but I do think if u want somethin that's easy to use when ur chillin its the best device in the world... but for me and my phone its just android. I love apple. I have a mac and an itouch and they both do there job very well, but when ur an upcoming hacker (what I like to call myself) a droid with android its the bomb.com for me but when people hate on tech that is awesome like adobes flash(which really works great for me) I don't like that but ya ill take back that the ipad sucks cause it doesn't.
@wakeup
Thanks :) I agree hail android
Lol I'm a total hypocrite :)
@Technologeee
Neither has the billions of Flash users that has not been affected by the vulnerability. According to Symantec has a minimal risk and damage level with 0-49 users affected.
From http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99
Threat Assessment
Wild
Wild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
Damage
Damage Level: Low
Payload: Drops files on to the compromised computer.
Distribution
Distribution Level: Low
Target of Infection: Exploits a remote Buffer Overflow vulnerability in Adobe Acrobat Reader 8 and 9.
@theonlysmr
I know where your coming from, I too adore android for its open(er) platform, and the fact that its just so configurable.
I originally wanted to buy the Evo 4G because of its awesome specs, but then I heard it wasnt going to be released in Canada (or atleast anytime soon) so I just decided to go for the iPhone4. My point is, android is my first priority, but the device has to blow me away first, thats exactly what the evo did. Its a shame really.
And the iPad really doesnt have too much of a use for me from what I thought, I mainly use it for web surfing and my god its king.
I came to the conclusion a few days after playing with the iPad, that I am going to take it back before the 30 day warranty ends, because it really doesnt have a use for me. I will use the money to pay for the iPhone4.
@Psilion
Oops, wrong link, but information is the same since it also concerns Trojan.Pidief.E. Here is the correct link:
http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-060601-3020-99
@Technologeee http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed
@Technologeee
Some perspective on how secure Apple's products are compared to Flash:
http://www.blixtsystems.com/2010/06/jobs-lies-regarding-flash-security/
@Technologeee And I have no issues with flash on any of my systems because I have my browser set to use flash, only on sites I approve. Try again iFad fanboi.
@Technologeee "You will never truly be able to criticize it, unless you get the chance to use it in your home, until you have the ability to just set it on your lap and enjoy a movie at night."
I reckon you enjoy the fetish position while watching a movie or perhaps cramp neck in this case.
@Atlantian Ah, Gawker. Seems like an ATT breach.
http://www.engadget.com/2010/06/09/atandt-breach-reveals-114-000-ipad-owners-email-addresses-includ/
@Psilion I see 1% difference for 2009.
In the meantime, adblockers!
Oh wait, that's the same as usual, I guess.
Adobe = Epic Fail Company
No flash issues here on my iPad
@ninja98
hmm... oh sorry, i was just watching the engadget video section on ma nexus one.
@ninja98
you don't know what are you talking about adobe is not only flash
but well what do you know. you only need what a ipad can do so no much of computer person
@ninja98
Adobe makes one of the most powerful and most used photo editing software, Photoshop.
And it isnt even Adobes main achievement.
If you think Adobe is running on its flash development, you dont deserve to visit Engadget, because you are not a techie.
@Wiggy Fuzz Make sure you keep your phone charging and keep an eye on more of critical adobe fixes. More shitty bugs will pop up caused by this crappy company.
@ninja98
that's okay, my nexus one automatically loaded an update for flash beta 10.1. thanks for your concern *goes back to watching more flash video*
@Technologeee I didnt say that you moron, dont put words in other peoples mouth.
@ninja98
Its cool, lol.
I just assumed since this is an Adobe flash article, and the words "fail" have been used alot when talking about no flash for the apple handhelds.
We friends now? :P
@ninja98 no this is an epic fail
http://www.engadget.com/2007/10/07/iphone-v1-1-1-exploits-starting-to-surface/
and http://www.engadget.com/2009/03/19/the-pwn2own-trifecta-safari-ie-8-and-firefox-exploited-on-day/
and http://www.engadget.com/2010/03/25/iphone-sms-database-hacked-in-20-seconds-news-at-11/
@Atlantian and http://www.engadget.com/2010/05/27/iphone-vulnerability-leaves-your-data-wide-open-even-when-using/
and http://www.engadget.com/2010/03/19/charlie-miller-to-reveal-20-zero-day-security-holes-in-mac-os-x/
and
http://www.engadget.com/2009/10/12/snow-leopard-guest-account-bug-deleting-user-files-terrorizin/
there are so many i can keep this up all day long maybe 2 days
@Wiggy Fuzz
Is this what the update was for? There was no changelog in the listing.
@Atlantian So you managed to find a couple of Safari exploits in 3-years. Flash and Acrobat have more than that in a week EACH!
Adobe creates some awfully vulnerable software, probably second behind Windows 2k/XP :P
@ninja98
Jobs should paid you. Did you have a period during the time you spend with the iPad?
That should be "one-off 0-day" (i.e. zero, not the letter o).
@John H
That's an oldstyle zero, not an o. Notice it's not the same as the o in one and off.
"oh no! my computer has been hijacked!"
*turn off wifi*
You should maybe learn to keep your promises before you make more adobe..
Everytime I go to a Flash site on my Pre Plus, I get a message that says "Flash for WebOS will be available in the first half of 2010."
I guess they have about 3 more weeks to try to keep THAT promise . . .
I don't own an iPad but I'm also running with another popular tablet that runs Flash free :)
http://i33.tinypic.com/66m0ck.jpg
Take that Adobe!
Better late than never. But the damage is done.
@tonio
Workaround provided the same day and a patch in five days. That is really slow.
Unlike Apple who many times take months to patch vulnerabilities.
Good stuff to see updates coming. Bad PR to have this go on for so long. :P
they seem to love to fix always something in flash, just like a mania or such.
When are they going to put out the hotfix that makes the arrow keys work in flash on my Mac mini? They work fine in our ancient PowerMac G4, though Flash is insanely slow on it, and my 1st gen MacBook at work, but Flash videos cause the fans to go insane on it, but our Mac mini lost its arrow keys (only in Flash) some time back and no number of updates has restored them. Adobe, when it comes to Flash, doesn't seem to care about the Mac and never has. Apple's products have always been second or third fiddle. Then the iPhone comes along and tears up the charts and then Adobe comes running, saying "Ooh me! Pick me!!"
on an interesting note http://gawker.com/5559346/apples-worst-security-breach-114000-ipad-owners-exposed
Jobs lies regarding Flash Security
http://www.blixtsystems.com/2010/06/jobs-lies-regarding-flash-security/
"In 2009, Symantec documented 321 vulnerabilities affecting plug-ins for Web browsers (figure 9).
ActiveX technologies were affected by 134 vulnerabilities, which was the highest among the plug-in technologies examined. Of the remaining technologies, Java SE had 84 vulnerabilities, Adobe reader had 49 vulnerabilities, Quicktime had 27 vulnerabilities, and Adobe Flash player was subject to 23 vulnerabilities. The remaining four vulnerabilities affected extensions for Firefox."
@stanar007 Dude you had me at Jobs lies. Its a foregone conclusion that he's a lying bastard.
Adobe, I believe, has officially entered its XP pre-SP2 era.....That is they are going to be in a painful position when it comes to security for a while until they clean their **** up.
Ok, the good thing is that they are correcting the flash issue quite quickly,and that's good. But June 29th for Reader??, And this is one of the reasons to consider other alternatives for PDF reading.
You see guys, unless SJ have thrown the rotten tomatoes in the face of Adobe, they wouldn't care to fix anything. And you guys are asking Apple to rely on them. So pathetic.
They fixing it already? They should put out a patch for those faked iPad UserAgent id's that allowed for apple consumers to be info raped.
They should make an app for that.