Adobe Flash enables auto-updating while patching two critical flaws


Adobe released Flash Player version 11.2.202.228 for Windows, OS X and Linux today. In my view this is a milestone release as it finally introduces an automatic, silent updating mechanism to help users stay current with the latest releases from here forward.

Google Chrome users may consider themselves spoiled, as they have been enjoying the worry-free joy of automatic updating of both their browser and integrated plugins like Flash Player for quite some time.

To obtain the latest Flash Player you should visit http://get.adobe.com/flashplayer. Windows users will be presented with a new dialog box during installation prompting them to enable automatic updating.

New Adobe Flash Player update options

I highly recommend choosing the option "Install updates automatically when available (recommended)", as there is almost no downside to keeping your Flash Player up to date.

In addition to the new updater, this Flash update fixes two critical Flash vulnerabilities. The fix for CVE-2012-0772 addresses a memory corruption vulnerability that could lead to remote code execution on Windows 7 and Vista computers.

CVE-2012-0773 is also fixed in this release and addresses another memory corruption bug that can result in remote code execution on all Flash Player platforms. SophosLabs rates this update as high priority considering the history of exploitation of flaws in Flash Player.

I asked my wife to update her Flash Player this evening and she said "I just did that a couple of weeks ago". Yes, Flash updates have been fast and furious lately, but it is better than the alternative. We could be waiting three months for the next Java update.


19 Responses to Adobe Flash enables auto-updating while patching two critical flaws

  1. Julie · 750 days ago

    My friend installed an Adobe Flash Player update about two days ago. With it came a virus. She is not happy. Had to take it to the shop to get it cleaned. We are all worried about viruses in Adobe & other updates now.

    • Ummm... Flash player does NOT come with a virus if you download DIRECTLY from Adobe. Yes it may come with Adware (Google toolbar or McAfee safe scan), but no viruses. Just where did she download the Flash player "update" from? Are you sure it's not a rogue?

      • Julie · 750 days ago

        It kept appearing on her computer screen over a few days. So she decided to download it. What is the correct web site address for Adobe?

        • Plunkity · 750 days ago

          You can find it at adobe dot com. http://www.adobe.com/downloads/

          • Julie · 749 days ago

            Thank you!
            I have passed the address on. Used it myself! All good. My friend has her comp back from the shop; helped her with the Adobe updates. ALL IS WELL there.

            A completely unrelated question;
            Why is it when I "Defrag" C Drive; it defrags ok. But when I do Recovery or SYSTEM they still remain Fragmented? System is 35% now.

            • MichaelN · 707 days ago

              There is no reason to defrag either of them. Your System drive can't be defragmented because it's not really fragmented to begin with; your Recovery can't be defragged because you're not supposed to modify it - it's a recovery disk, and the data on it is protected from modification to keep bad things from happening to your data.

        • Tim · 664 days ago

          That means she already had a virus.

  2. K C · 750 days ago

    They have pushed flash-plugin-11.2.202.228 to Linux also, which I found yesterday. However, the auto-update function seems to come with Windows only.

  3. Ben · 750 days ago

    Chrome user, here. I've been spoiled. :)

  4. Andy Collins · 750 days ago

    Any idea if this auto updater will work on corporate machines that have admin rights removed for users?

    • Plunkity · 750 days ago

      Also - does anyone know about the impact if you have been deploying flash updates to Windows machines via GPO?

  5. LGH · 750 days ago

    I've had no end of trouble with Flash on Chrome; I don't feel "spoiled" at all. Went in & did the disabling thing with the extras; it's still not working properly.

  6. Tuner Geek · 750 days ago

    @LGH, I've had the same bad experience with Flash on Chrome browser. Likewise I disabled it, worked fine for a while (at least long enough that I had to go looking for the guide when it started acting up again :- ) Now it's enabled again and working fine - for now... Yeah, I'm not impressed or feeling spoiled...

  7. MikeP · 750 days ago

    I will NEVER trust an 'automatic update' system, they are far too open to being hi-jacked by malware and malicious packages! Even the M$ system is fraught with problems and gotchas. I very strongly recommend selecting the 'Notify me when updates are available' option so you can decide when and whether to install, and to go to the official Adobe website to get any updates from a known source.

    Another advantage of not using auto is that you can choose whether to have some of the rubbish pushed out by some software vendors (M$ response to the EU requirement for a browser selection option is a case in point; if you've already chosen not to use IE then you don't need that junk anyway, so why waste space?).

  8. Lisha · 750 days ago

    It has just taken me more than 40 mins to get this simple update to work. I started the installer several times and each time selected the 'Inform me when updates are available' option rather than the auto-update... when I finally restarted for the 5th time and selected auto-update, the damn installer went on and did the update very quickly. I'd call that a bug, and a very annoying one too!

  9. No problem for me. The installation process went very smoothly.

    But first I uninstalled flash using the Flash uninstaller (also provided by Adobe): http://helpx.adobe.com/flash-player/kb/uninstall-...

    Then I downloaded the latest Flash player from http://get.adobe.com/flashplayer/.

    I always uninstall the previous version of Flash first before updating.

  10. guest · 750 days ago

    When you have a data plan with a set limit you do not want to enable auto downloads! We went over our data plans on our 10G Verizon aircard 3 months in a row, it was awful!! Finally figured out what Chrome was doing with auto updates, uninstalled Chrome and installed Firefox. Haven't gone over our 10G limit since. My IT told me to take my laptop to a free wi-fi spot, download any updates I need, install them on a flash drive to install them on my desktop. Works like a charm!

  11. Freida Gray · 748 days ago

    I installed the Adobe Flash Player 11.2.202.208 in the beta version in January. It had the automatic update option then. Yes, it was installed directly from the Adobe website. I have found that updates installed directly from the Adobe Labs website don't include all of the other updates such as Chrome & McAfee, but even if they are installed from somewhere else you are given the option of refusing the added installations. When the Flash Player updates automatically, the other things DO NOT update with it. Those need to be updated separately.

  12. bob · 746 days ago

    Does anybody know if the automatic update will work if the user doesn't have admin rights?


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.