Adobe Flash enables auto-updating while patching two critical flaws

Adobe patchAdobe released Flash Player version for Windows, OS X and Linux today. In my view this is a milestone release as it finally introduces an automatic, silent updating mechanism to help users stay current with the latest releases from here forward.

Google Chrome users may consider themselves spoiled, as they have been enjoying the worry-free joy of automatic updating of both their browser and integrated plugins like Flash Player for quite some time.

To obtain the latest Flash Player you should visit Windows users will be presented with a new dialog box during installation prompting them to enable automatic updating.

New Adobe Flash Player update options

I highly recommend choosing the option “Install updates automatically when available (recommended)” as there is nearly no downside with keeping your Flash Player up to date.

In addition to the new updater, this Flash update fixes two critical Flash vulnerabilities. The fix for CVE-2012-0772 addresses a memory corruption vulnerability that could lead to remote code execution on Windows 7 and Vista computers.

CVE-2012-0773 is also fixed in this release and addresses another memory corruption bug that can result in remote code execution on all Flash Player platforms. SophosLabs rates this update as high priority considering the history of exploitation of flaws in Flash Player.

I asked my wife to update her Flash Player this evening and she said “I just did that a couple of weeks ago”. Yes, Flash updates have been fast and furious lately, but it is better than the alternative. We could be waiting three months for the next Java update.