Sophos Cloud Optix
It wasn’t just Microsoft that pushed out critical security updates yesterday. Adobe also issued critical security updates for its Flash Player and AIR products, impacting many Windows and Mac users.
In fact, computer users should be getting used to security updates for Adobe Flash by now – after all, this is the fourth in as many weeks.
The latest Flash Player update from Adobe fixes four security vulnerabilities.
Although the security holes could, potentially, be exploited by a malicious hacker to hijack computers evidence hasn’t yet been seen that these vulnerabilities are being exploited in real-world attacks.
However, because of the growing prevalence of Flash-based malware attacks, the advice from SophosLabs is to apply these security patches as soon as possible.
In addition, a security update for Adobe AIR has also been made available – you can download that from the AIR download webpage and Adobe’s AIR SDK webpage.
It can be tricky keeping up-to-date with the latest version numbers of Adobe products, so here’s a handy chart showing you (at the time of writing!) the latest versions of Flash and AIR, to help you confirm that your systems are updated:
| Product | Updated version | Platform |
|---|---|---|
| Adobe Flash Player | 11.6.602.180 | Windows |
| 11.6.602.180 | Macintosh | |
| 11.2.202.275 | Linux | |
| 11.1.115.48 | Android 4.x | |
| 11.1.111.44 | Android 3.x and 2.x | |
| Adobe AIR | 3.6.0.6090 | Windows, Macintosh, Android and SDK & Compiler (includes AIR for iOS) |
You can tell whether yoru computer has Flash installed, and which version you are running, by visiting a page on the Adobe website.
Users of Google Chrome and Internet Explorer 10 should find that Adobe Flash is automatically updated.
Apart from reading Naked Security daily, I use Secunia PSI 2.0 (not version 3) to check my key software is an up-to-date version. It's free so easy to use and helps stay secure.
(I do not work for any software vendor now, used to work for Zuken Ltd who are an EDA vendor.)
I think Mozilla is doing the thing right. Seems to better to go with HTML5 than biggy-buggy flash.
Apple have all but killed Flash 1) by taking it off mobiles and 2) not adapting OSML to run efficiently with it. For those complaining about dreadfully slow app launching in OS ML it is often flash that causes it and the official position is don’t run flash:-(
Also, the flash updates are annoying because they take place outside the approved envelope of the App store and require quitting and restarting applications and the computer
Well I am running win7 x64 with Firefox 19.0.2 and there is no download button on adobe site to download the update. FireFox does say 'hey there's a new update'.
There is a thread open in the install/downloads section asking about that particular issue, but there hasn't been an answer to it since 8am.
So…if you have that issue then you can find the archived release/debug installs here to download from:
http://helpx.adobe.com/flash-player/kb/archived-f…
I suppose it has oft been said, someone really needs to sit adobe fl(tr)ash developers down and teach them about unit testing and debugging.
Maybe use some validation tools so we don't have to continually upgrade because of 'feature' code.
There is no download button when I visit adobe’s download page & my player is not updating automatically. I fear that my laptop’s processor no longer meets the minimum requirements, now 2.33GHz (mine 2.17GHz).
What are the risks of keeping older version and what are the alternatives to stay secure and play flash video?
Wow…Adobe's Flash Player update page will not display the download button in any browser that uses the Ghostery or DoNotTrackPlus tracking blocker plugins…at least on OS X 10.6.8. WTF? You can't download the update unless you let them track you?
Fine. I have a separate browser (Camino) whose history cache I keep empty, and from which I immediately remove all cookies after I visit a site. They won't be able to track much of anything.
Adobe used to be a decent company, but that was a long time ago. Their more recent behavior calls to mind the words of Obi-Wan Kenobi in commenting on the Mos Eisley spaceport: "You will never find a more wretched hive of scum and villainy." Perhaps Adobe hasn't gotten quite that bad yet, but they're working on it.