Skip to main content

Google engineer claims Adobe hid “embarrassingly high” number of Flash Player bugs

After sending out the usual laundry list of bug fixes for its Flash Player yesterday, Adobe is coming under pressure from Google security engineer Tavis Ormandy who claims the update only listed 13 of the approximately “400 unique vulnerabilities”… A number he describes as “embarrassingly high”.

Ormandy claims he sent the bugs to be fixed “as part of an ongoing security audit” and, according to a report from Computerworld, was “upset that he was not credited for his bug reports”. After noticing he hadn’t received credit in the patch, he took to Twitter to address his concerns, prompting Adobe’s senior manager of corporate communications to tweet the following:

“Tavis, please do not confuse sample files with unique vulnerabilities. What is Google’s agenda here?”

Ormandy responded, also in a tweet, saying:

“I don’t know what Google’s agenda is, but my agenda is getting credit for my work and getting vulnerabilities documented.”

Hours before the patch officially rolled out, Google launched the latest version of Chrome 13 and 14, which included the Flash Player patch in question, and was accompanied by the following statement from Google:

“The Chrome Team would especially like to thank Tavis Ormandy, the Google Security Team, and Google for donating a large amount of time and compute power to identify a significant number of vulnerabilities resolved in this release of Flash Player.”

Adobe did credit 10 other researchers in the report accompanying the update, but had only this to say about Google and Ormandy’s work:

“Adobe would also like to thank Tavis Ormandy and the Google Chrome team for their great work on several improvements to this Flash Player release.”

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Jordan Kahn Jordan Kahn

Jordan writes about all things Apple as Senior Editor of 9to5Mac, & contributes to 9to5Google, 9to5Toys, & Electrek.co. He also co-authors 9to5Mac’s weekly Logic Pros series and makes music as one half of Toronto-based Makamachine.


Manage push notifications

notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications
notification icon
We would like to show you notifications for the latest news and updates.
notification icon
You are subscribed to notifications