cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
search
  • Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
Locked
0
Upvote

Adobe Flash player that mitigates Meltdown and Spectre

owlstead
New Here ,
Jan 26, 2018 Jan 26, 2018

Copy link to clipboard

Copied

Hi Adobe,

I got here after clicking a lot of things, I hope I'm at the right place - direct contact options seem to be limited.

Is there a response from Adobe with regards to the Meltdown and Spectre attacks? As flash usually runs in the browser I presume that Meltdown and Spectre attacks are possible? A high precision timer seems to be available in Flash, so that would normally enable these kind of attacks.

Could you please indicate if you're vulnerable and ways of mitigating the risk if this is the case? Is there a download package / version that is known to be invulnerable against these kind of attacks?

Kind regards,

Maarten, Senior Software Architect and security professional

patching - Adobe Flash and Meltdown / Spectre - Information Security Stack Exchange

Views

644

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

jeromiec83223024 Adobe Employee
Adobe Employee , Jan 26, 2018 Jan 26, 2018

Absent an actual exploit in the wild, Flash Player ships on a monthly schedule, aligned with Microsoft Patch Tuesday.  We'll have some formal communication accompanying that release, in the form of an Adobe Security Bulletin, Release Notes, and probably a blog post.

If you need an official statement or more detail in the interim, please reach out to the Adobe Product Security Incident Response Team <psirt@adobe.com> for an official response.

Votes

Translate

Translate
replies 2 Replies 2
latest latest Jump to latest reply
jeromiec83223024 Adobe Employee
Adobe Employee ,
Jan 26, 2018 Jan 26, 2018

Copy link to clipboard

Copied

Absent an actual exploit in the wild, Flash Player ships on a monthly schedule, aligned with Microsoft Patch Tuesday.  We'll have some formal communication accompanying that release, in the form of an Adobe Security Bulletin, Release Notes, and probably a blog post.

If you need an official statement or more detail in the interim, please reach out to the Adobe Product Security Incident Response Team <psirt@adobe.com> for an official response.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
owlstead
New Here ,
Feb 13, 2018 Feb 13, 2018

Copy link to clipboard

Copied

LATEST
In Response To jeromiec83223024

I think that Meltdown - and to a less degree Spectre - require a more active approach than sitting idly by waiting for a zero-day to occur.

With that said, as this seems to be the official standpoint of Adobe, I'll mark this question as answered.

Hopefully a working microcode patch will be released by Intel before the Meltdown security risk gets exploited through Flash player.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Copyright © 2024 Adobe. All rights reserved.
Using the Community Experience League Terms of Use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices