Skip to main content
Participant
January 26, 2018
Answered

Adobe Flash player that mitigates Meltdown and Spectre

  • January 26, 2018
  • 1 reply
  • 751 views

Hi Adobe,

I got here after clicking a lot of things, I hope I'm at the right place - direct contact options seem to be limited.

Is there a response from Adobe with regards to the Meltdown and Spectre attacks? As flash usually runs in the browser I presume that Meltdown and Spectre attacks are possible? A high precision timer seems to be available in Flash, so that would normally enable these kind of attacks.

Could you please indicate if you're vulnerable and ways of mitigating the risk if this is the case? Is there a download package / version that is known to be invulnerable against these kind of attacks?

Kind regards,

Maarten, Senior Software Architect and security professional

patching - Adobe Flash and Meltdown / Spectre - Information Security Stack Exchange

This topic has been closed for replies.
Correct answer jeromiec83223024

Absent an actual exploit in the wild, Flash Player ships on a monthly schedule, aligned with Microsoft Patch Tuesday.  We'll have some formal communication accompanying that release, in the form of an Adobe Security Bulletin, Release Notes, and probably a blog post.

If you need an official statement or more detail in the interim, please reach out to the Adobe Product Security Incident Response Team <psirt@adobe.com> for an official response.

1 reply

jeromiec83223024
jeromiec83223024Correct answer
Inspiring
January 26, 2018

Absent an actual exploit in the wild, Flash Player ships on a monthly schedule, aligned with Microsoft Patch Tuesday.  We'll have some formal communication accompanying that release, in the form of an Adobe Security Bulletin, Release Notes, and probably a blog post.

If you need an official statement or more detail in the interim, please reach out to the Adobe Product Security Incident Response Team <psirt@adobe.com> for an official response.

owlsteadAuthor
Participant
February 13, 2018

I think that Meltdown - and to a less degree Spectre - require a more active approach than sitting idly by waiting for a zero-day to occur.

With that said, as this seems to be the official standpoint of Adobe, I'll mark this question as answered.

Hopefully a working microcode patch will be released by Intel before the Meltdown security risk gets exploited through Flash player.