Flash Player Receives Update
After Fortinet called attention to two security flaws in Flash Player, Adobe has released an updated, fixed version. The new release will take users from the vulnerable v22.214.171.124 up to v126.96.36.199.
You can get the patch here. Adobe and Microsoft have stayed pretty well on top of things so far, but this latest alert caused Brian Krebs to go on a small rant about the lack of an auto-update feature for Flash and Shockwave. He does grant that the two companies “are to be commended for cooperating to keep customers protected from flaws that bad guys have been quick to exploit in the past.”
“Adobe has the brains and the infrastructure in place to make auto-updating a reality, and it is long overdue,” he wrote. “Heck, even Mozilla is now working to develop its own auto-updater to check and see whether users have the latest version of Flash installed.” Of course, some auto-updaters, such as the one in Windows, haven’t exactly been universally pleasing.
But Krebs points out that Adobe Reader already has an auto-updater, and cites sources that indicate Flash and Shockwave may soon be blessed with the same. We’re waiting . . . but we’re happy to be able to wait with v188.8.131.52. And as Kreb notes, this latest patch for everybody’s favorite “standard for delivering high-impact, rich Web content” (as described by Adobe) “should update Internet Explorer, Firefox, Netscape or Opera.”
Update: I received an e-mail in which Matt Rozen, a PR Manager at Adobe, kindly pointed out that the Flash and Shockwave “actually do have” “auto-update notification capabilities.”
“The confusion on this may be from the fact that Adobe doesn’t immediately turn it on’ the day we launch a new player,” he wrote. “This is because we typically wait to ensure everything on the download center is working and kinks are worked out before driving a high traffic load. Once we change the minimum version check to notify users who are on a version lower than the current version, users will begin to see the update notification appear on their systems. By default, this check occurs if it has been at least 30 days since the last time it checked for updates. Users can also change this setting in the Settings Manager here. Note that the auto-update notification feature is for Windows only at this time.”
I appreciate the clarification.