I got here after clicking a lot of things, I hope I'm at the right place - direct contact options seem to be limited.
Is there a response from Adobe with regards to the Meltdown and Spectre attacks? As flash usually runs in the browser I presume that Meltdown and Spectre attacks are possible? A high precision timer seems to be available in Flash, so that would normally enable these kind of attacks.
Could you please indicate if you're vulnerable and ways of mitigating the risk if this is the case? Is there a download package / version that is known to be invulnerable against these kind of attacks?
Maarten, Senior Software Architect and security professional
Absent an actual exploit in the wild, Flash Player ships on a monthly schedule, aligned with Microsoft Patch Tuesday. We'll have some formal communication accompanying that release, in the form of an Adobe Security Bulletin, Release Notes, and probably a blog post.
If you need an official statement or more detail in the interim, please reach out to the Adobe Product Security Incident Response Team <firstname.lastname@example.org> for an official response.
I think that Meltdown - and to a less degree Spectre - require a more active approach than sitting idly by waiting for a zero-day to occur.
With that said, as this seems to be the official standpoint of Adobe, I'll mark this question as answered.
Hopefully a working microcode patch will be released by Intel before the Meltdown security risk gets exploited through Flash player.