Adobe has apologised for a potentially dangerous bug in its Flash Player software that has gone unnoticed for more than 16 months.
Flash product manager Emmy Huang raised the issue of the long-standing bug in a blog post over the weekend, claiming it slipped through the cracks and missed four consecutive rounds of updates because Adobe was in the process of rolling out a new version of Flash when the bug was reported back in September 2008.
But the issue is sure to attract all the wrong kind of attention just a week after Adobe was labelled "lazy" by Apple boss Steve Jobs in the fallout over the lack of Flash support on the iPad tablet.
"We picked up the bug as a crasher when it was filed on 22 September 2008, and were able to reproduce it," Huang wrote. "Remember that Flash Player 10 shipped in October 2008, so when this bug was reported we were pretty much locked and loaded for launch"
Huang added: "The mistake we made was marking this bug for 'next' release, which is the soon to be released Flash Player 10.1, instead of marking it for the next Flash Player 10 security dot release."
The bug was reported by security researcher Matthew Dempsey on Adobe's Flash Player bug base, and Huang concedes that better channels of communication could have brought the mistake to light sooner.
"We should have kept in contact with the submitter and to let him know the progress, sorry we did not do that. It slipped through the cracks, and it is not something we take lightly," Huang said.
Innocent though the mistake may have been, the news is sure to have gone down well at Apple. Commenting off the record on the lack of Flash support on the newly released iPad, Jobs told Apple employees last month that Adobe was "lazy" and alleged that the Flash Player was responsible for the the majority of Mac crashes.
Huang was at pains to point out that this in no way reflected Adobe's commitment to dealing with security issues quickly and decisively.
"I want to reiterate that it is our policy that crashes are serious 'A' priority bugs, and it is a tenet of the Flash Player team that ActionScript developers should never be able to crash Flash Player," she wrote. "If a crash occurs, it is by definition a bug, and one that Adobe takes very seriously."
Huang added that a beta version of Flash scheduled for official release later this year has fixed the problem.
