Adobe drags Google into Microsoft's Patch Tuesday

Adobe's decision to fix Flash on Patch Tuesday forces Google to update Chrome the same day

By , Computerworld |  Security, Adobe, Adobe Flash

Google has been dragged into adopting rival Microsoft's Patch Tuesday, fallout from an Adobe move last month.

Earlier this week, Google updated its Chrome browser, quashing six bugs and as it often does, also updating Adobe's Flash Player. That same day, Microsoft shipped seven security updates to patch 12 vulnerabilities, and Adobe released a new version of Flash to address three critical bugs.

It was the Flash patches that triggered Chrome's copycat update: In November, Adobe announced it would synchronize Flash updates with long-time-partner Microsoft's Patch Tuesday. Most security experts applauded the decision, which they said was prompted by the bundling of Flash with Internet Explorer 10 (IE10) on Windows 8 and Windows RT.

Those same experts said Adobe's hand was probably forced by Microsoft, which had bumbled this fall when it failed to sync IE10 updates with those shipped by Adobe for Flash.

But because Google also bakes Flash Player into Chrome, Adobe's Patch Tuesday adoption also requires Google to ship updates the same day or put its users at risk.

Chrome has included Flash since April 2010, and is regularly updated whenever Adobe patches the popular media player.

Security professionals praised the three-vendor synchronization on the month's most important patch day.

"We already knew that Microsoft was the leader in security patch cadence, so for others to fall in line was inevitable," said Andrew Storms, director of security operations, in an instant message interview. "I suspect the more this happens, the more vendors will want to coordinate. It really is better for both them and customers if everyone knows a patch is imminent."

Jason Miller, manager of research and development at VMware, concurred. "It's good to see vendors coordinate like this," he said in an interview earlier this week.

But even more could be done.

"The biggest win [for users] is if all the vendors provided an advance notification so security teams could plan accordingly," he said. "Without proper notice, we are really in the same boat as before, where the surprise updates catch you off guard."

Originally published on Computerworld |  Click here to read the original story.
Join us:






SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Ask a Question