ID: IRCNE2012111679
Date: 2012-11-20
According to "computerworld", Adobe has changed its schedule for releasing Flash Player security updates to coincide with Microsoft's Patch Tuesday schedule.
"Microsoft and Adobe are now officially married," joked Andrew Storms, director of security operations at nCircle Security, a software vendor, in an email. "They started dating when they decided to share the MAPP program," and once Microsoft agreed to embed Flash into Internet Explorer 10, it was "inevitable" that Adobe would begin following Microsoft's patch schedule, he said.
In July 2010, Adobe began using MAPP to deliver vulnerability information about its own products to security firms. Microsoft issues its security updates on the second Tuesday of each month. Until now, Adobe has released Flash bug fixes at irregular intervals.
The lack of synchronization became an issue after Microsoft announced it would bake Flash Player into IE10 for Windows 8 and its tablet spin-off, Windows RT. Problems surfaced in September when Microsoft said it would not patch IE10 for at least six weeks, even though Adobe had issued updates the previous month that addressed at least one vulnerability that hackers were already exploiting.
Now, however, some security professionals are praising Adobe's change. "Concentrating updates on a single day is a benefit for any organization," said Wolfgang Kandek, CTO of security vendor Qualys, in an email.
- 2