![\"Adobe](\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/08\/adobe_bugs.jpg?resize=100%2C75&ssl=1\" "\\"Adobe")
<\/p>\n<\/p>\n
I wrote about Adobe’s<\/a> (ADBE<\/a>) problem with writing secure software earlier<\/a>.<\/em> The problems still exists according to an article in Help Net Security<\/em><\/a>. The article lays out claims by Google<\/a> (GOOG<\/a>) researcher Tavis Ormandy<\/a> that he notified Adobe of some 400 holes in\u00a0 Flash Player<\/a><\/strong>. According the the article, Adobe fell short on the latest Flash patch. In the article Mr. Ormandy claims that Adobe’s latest release of Flash:<\/p>\n the Google researchers wrote on their blog, “The initial run of the ongoing effort resulted in about 400 unique crash signatures, which were logged as 106 individual security bugs<\/a> \u2026 each crash was treated as though it were potentially exploitable and addressed by Adobe<\/a>. In the final analysis, the Flash Player update Adobe shipped earlier this week contained about 80 code changes to fix these bugs.”<\/em><\/p>\n Help Net Security<\/em> notes that after an initial silence on the matter, Adobe told Computerworld<\/em>, that Mr. Ormandy had reported some 80 bugs in Flash Player, but defended their decision to not list all the vulnerabilities in the released security bulletins by saying that it usually doesn’t reveal or mention vulnerabilities found internally – by them or their partners. Also, the question is whether all those 80 flaws would lead to an exploitable hole. It seems that Adobe believes that only holes get a CVE number<\/a>.<\/p>\n\n
![\"\"](\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/08\/adobe_flash_logo.jpg?resize=68%2C68&ssl=1\" "\\"adobe_flash_logo\\""){kind=logo}
<\/a>Only patched 13 fixed holes in the application, failed to document other holes; and<\/li>\n![\"Adobe](\"https:\/\/i0.wp.com\/rbach.net\/wp-content\/uploads\/2011\/08\/malware1.jpg?resize=90%2C90&ssl=1\" "\\"Adobe")
<\/p>\nRelated articles<\/h6>\n