Locked

Adobe Flash player that mitigates Meltdown and Spectre

New Here ,
Jan 26, 2018 Jan 26, 2018

Copy link to clipboard

Copied

Hi Adobe,

I got here after clicking a lot of things, I hope I'm at the right place - direct contact options seem to be limited.

Is there a response from Adobe with regards to the Meltdown and Spectre attacks? As flash usually runs in the browser I presume that Meltdown and Spectre attacks are possible? A high precision timer seems to be available in Flash, so that would normally enable these kind of attacks.

Could you please indicate if you're vulnerable and ways of mitigating the risk if this is the case? Is there a download package / version that is known to be invulnerable against these kind of attacks?

Kind regards,

Maarten, Senior Software Architect and security professional

patching - Adobe Flash and Meltdown / Spectre - Information Security Stack Exchange

TOPICS
Download install

Views

436

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct Answer

Adobe Employee , Jan 26, 2018 Jan 26, 2018
Absent an actual exploit in the wild, Flash Player ships on a monthly schedule, aligned with Microsoft Patch Tuesday.  We'll have some formal communication accompanying that release, in the form of an Adobe Security Bulletin, Release Notes, and probably a blog post. If you need an official statement or more detail in the interim, please reach out to the Adobe Product Security Incident Response Team <psirt@adobe.com> for an official response.

Likes

Translate

Translate
Adobe Employee ,
Jan 26, 2018 Jan 26, 2018

Copy link to clipboard

Copied

Absent an actual exploit in the wild, Flash Player ships on a monthly schedule, aligned with Microsoft Patch Tuesday.  We'll have some formal communication accompanying that release, in the form of an Adobe Security Bulletin, Release Notes, and probably a blog post.

If you need an official statement or more detail in the interim, please reach out to the Adobe Product Security Incident Response Team <psirt@adobe.com> for an official response.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 13, 2018 Feb 13, 2018

Copy link to clipboard

Copied

LATEST

I think that Meltdown - and to a less degree Spectre - require a more active approach than sitting idly by waiting for a zero-day to occur.

With that said, as this seems to be the official standpoint of Adobe, I'll mark this question as answered.

Hopefully a working microcode patch will be released by Intel before the Meltdown security risk gets exploited through Flash player.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines