Google discloses zero-day in Flash, gets criticised by Microsoft for putting users at risk

vbimport

#1

We’ve just posted the following news: Google discloses zero-day in Flash, gets criticised by Microsoft for putting users at risk[newsimage]http://www.myce.com/wp-content/images_posts/2016/05/logo_420_color_2x-95x75.png[/newsimage]

Google has publicly disclosed a leak in Windows before Microsoft was able to release a patch. The disclosure was heavily criticized but according to Google the leak is already actively exploited. Microsoft now argues that Google is putting users at risk.

            Read the full article here: [http://www.myce.com/news/google-discloses-zero-day-flash-gets-criticised-microsoft-putting-users-risk-80796/](http://www.myce.com/news/google-discloses-zero-day-flash-gets-criticised-microsoft-putting-users-risk-80796/)

            Please note that the reactions from the complete site will be synched below.

#2

Google’s fault? Mule muffins! Adobe patched the issue quickly; Microsoft sat on their hands. They could have fixed it and sent out a patch ASAP, but they’d rather play their little games and point fingers at everyone else. Guess it must be a day ending in “Y”…


#3

[QUOTE=MJPollard;2783071]Google’s fault? Mule muffins! Adobe patched the issue quickly; Microsoft sat on their hands. They could have fixed it and sent out a patch ASAP, but they’d rather play their little games and point fingers at everyone else. Guess it must be a day ending in “Y”…[/QUOTE]
eh…


#4

We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk.
Does “coordinated vulnerability disclosure” mean everyone has to ask Microsoft’s permission to warn the public of security issues? “coordinated disclosure” of anything to me sounds an awful lot like an excuse for censorship.

As for Google, if they had made specific examples of the exploit being used, that would have been helpful. If example.com was using Flash Player to breach users’ security (I doubt they are), and Google had disclosed this information, people would then know to stay away from example.com. However, since Google has not told us who is using this exploit, it’s possible that Google straight-up lied about this, perhaps to avoid criticism regarding their 7-day policy.