No fixed Adobe: Missing patches and Firefox warnings

Mozilla has pushed out a new version of its popular Firefox web browser that fixes a number of critical security vulnerabilities.

Obviously you should update your installation of Firefox to take advantage of these fixes, but another good reason is that this new version also rather wonderfully warns you if you are running an out-of-date version of Adobe Flash:

[Image: Firefox warns of out-of-date version of Adobe Flash]

That's great. As I mentioned last week, Adobe can be considered very much "the new Microsoft", but not in a good way.

Adobe's Flash and PDF software is frequently targeted by hackers because so many of the world's computers are running it. As a result, users have been facing a running battle of keeping up-to-date with Adobe security patches to ensure that they are not exposing themselves to infection via exploitable code.

Anything which warns users that they do not have the latest version of Adobe Flash installed has to be a good thing. So Mozilla should be applauded for helping its millions of users (the vast majority of whom are certainly running a version of Adobe Flash) in this fashion.

Keeping up-to-date with Adobe Flash has been in the news in the last week or so, after it was discovered that Mac users upgrading to Snow Leopard could have Adobe Flash silently downgraded without their knowledge, potentially reopening security vulnerabilities.

Adobe has recognised that hackers are increasingly targeting its software, and earlier this year announced that it would be following in Microsoft's footsteps by releasing security patches (for its Acrobat Reader PDF software at least) on a regular basis.

Indeed, it announced that it would be releasing vulnerability fixes on the second Tuesday of every third month, and the first of those appeared in June.

Hmm... June, July, August, September... Hey, shouldn't we have had some Adobe security patches on Tuesday to tie in with the ones that came from Microsoft? Why are they missing in action?

According to media reports, Adobe has decided to hold off on its second bunch of quarterly updates until October 13th.

I'm not sure that this chopping-and-changing schedule from Adobe is good news for system administrators who like to schedule as much as possible when they will have to roll out new versions of software.

Update: Thanks to Clu-blog reader Malware Domain List, who made the excellent point that hackers might attempt to fake the warning that Mozilla Firefox displays when Adobe Flash is out of date, and lead you to a malicious webpage or download. That's certainly a risk - and so you should always ensure that you are downloading the latest version of Flash from Adobe's own website.

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations.