Adobe Patches 34 More Bugs in Flash | eWeek

Adobe Patches 34 More Bugs in Flash

Flash flaws
Aug 11, 2015
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Another month, another large patch load from Adobe. The company’s August Patch Tuesday update released today provides fixes for 34 identified Common Vulnerabilities and Exposures (CVEs).

The August patch haul is a marginal improvement over the 36 security vulnerabilities that Adobe patched in the July patch update, though Adobe did have to patch an additional two zero-day flaws days after that update was released to deal with issues identified in the recent Hacking Team breach.

As opposed to the two issues fixed after the Hacking Team breach, which were being actively exploited, Adobe has stated that it is not aware of any exploits in the wild for any of the 34 issues addressed in the August update.

In July, the primary source of bug reporting to Adobe for Flash came by way of Google’s Project Zero initiative, which responsibly disclosed 20 vulnerabilities. For the August patch haul, Adobe credits Google Project Zero researchers for reporting 23 bugs.

Google has also been working with Adobe to prevent future exploits via a number of security mitigations that Adobe has already implemented.

“For Flash Player, we put the vector mitigation technologies into the last update,” Adobe spokesperson Wiebke Lips told eWEEK. “So those mitigations should help significantly.”

While Adobe is patching Flash today, it isn’t patching its Adobe Reader PDF application. That’s despite the fact that at the DefCon security conference in Las Vegas on Aug. 9, Brian Gorenc, manager of vulnerability research at HP’s Zero Day Initiative (ZDI), discussed multiple sets of vulnerabilities in Adobe Reader, including a set of CVEs related to JavaScript APIs in Reader.

Gorenc noted that Adobe has patched many of the issues that it has submitted so far. ZDI has submitted approximately 100 vulnerabilities to Adobe for Reader in 2015, according to Gorenc.

Adobe patches Reader on a quarterly basis, while HP has a responsible disclosure policy that gives vendors up to four months to patch a vulnerability before HP publicly discloses any issue. Given the highly efficient nature of Adobe’s security organization, it’s very likely that all of the issues that HP has found will be patched inside of the four-month timeline.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.