Adobe Issues Out-of-Band Patch for Flash Player
Security Watch
SHARE
Facebook X Pinterest WhatsApp

Adobe Issues Out-of-Band Patch for Flash Player

security patch
Written By
Sean Michael Kerner
Sean Michael Kerner
Nov 26, 2014
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Adobe issued an out-of-band patch update on Nov. 25 for a vulnerability identified as CVE-2014-8439, which impacts the Adobe Flash Player.

Typically, an out-of-band patch update is a rare event that is reserved for severe and risky zero-day flaws, but that’s not quite what is going on with the new Adobe update. The CVE-2014-8439 vulnerability was actually first mitigated during Adobe’s regular patch Tuesday update on Oct. 14.

Adobe spokesperson, Heather Edell told eWEEK that that October update included a proactive mitigation, which typically is not assigned a common vulnerabilities and exploits, or CVE, number.

“We were later notified that there was an attack in the wild, and we identified that the proactive mitigation was blocking this attack,” Edell said. “Since there was a specific attack in this area, we added further mitigations in today’s release.”

The actual CVE-2014-8439 vulnerability is what Adobe’s advisory describes as a “de-referenced memory pointer that could lead to code execution.”

Though Adobe has now issued further mitigations for CVE-2014-8439, it’s not because any attacks were actually able to bypass the protection that Adobe provided in the October update.

“Out of an abundance of caution, we are releasing further changes that strengthen the mitigation against potential variants,” Edell said. “That said, we are not aware of any attacks, in the wild or otherwise, that can bypass the October mitigation.”

In my view, this is truly a dramatic turnaround for Adobe, in contrast to the way it used to deal with security. Back in 2009, Adobe was largely a reactive company when it came to security, dealing with what seemed like an endless stream of zero-day vulnerabilities with active exploits in the wild.

The Nov. 25 out-of-band update, in contrast, is a remarkably proactive effort to protect users.

In a 2013 video interview I did with Adobe Chief Security Officer Brad Arkin, he explained to me how Adobe made security a core principle of the entire company’s development efforts.

It’s an effort that is clearly working today.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.
Sean Michael Kerner
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information