Adobe Systems has apologized for letting a 16-month-old bug in Flash Player “languish without a patch, even though it updated the popular plug-in four times since the flaw was reported,” reports “Computerworld” (http://www.computerworld.com/s/article/9153520/Adobe_apologizes_for_16_month_old_Flash_bug).
Adobe says the bug was fixed in the beta of Flash Player 10.1, which was released last November. The final version of Flash Player 10.1, however, won’t ship until later this year.
Security researcher Matthew Dempsey first reported the Flash vulnerability Sept. 22, 2008, according to Adobe’s public bug tracking database. When exploited, the flaw causes Internet Explorer 6 and 7, and Firefox and Safari 3 to crash; in other browsers, the browser stays up while Flash Player goes down, notes Computerworld.