Adobe Flash Player APSB12-07 - 28 March 2012

Published: 2012-03-28. Last Updated: 2012-03-28 19:45:38 UTC
by Kevin Shortt (Version: 1)
3 comment(s)

Adobe released a critical update today for Flash Player.  

The basic gist is that most of the platforms are exposed to a crash and a remote attacker can get potential control of your system.  Details elude to memory corruption as the cause, which are patched with this update.
 

Another, highlight is that this update comes with an auto-update feature for the Flash player.  The link below seems to only cite this feature for Window's users.  I've not had a chance to hit my OS X systems with this update, so I can not confirm whether it reaches the Mac.   Post a comment and tell us this new whistle.                                         
 
Get further details on this update here:

APSB12-07                            http://www.adobe.com/support/security/bulletins/apsb12-07.html
Flash Auto-update Feature    http://blogs.adobe.com/asset/2012/03/an-update-for-the-flash-player-updater.html
Adobe Security Bulletins        http://www.adobe.com/support/security/index.html


Many thanks to our readers Michael, Toby, Fred, Rene' and Mike for keeping on top of things and sending in links to us.  

Keep it coming!
 
 
-Kevin
 
--
ISC Handler on Duty
 
3 comment(s)

Comments

Two things: The background updater for Macs is still under development and will be released at a future date.

And, all indications are that the silent updater will not be used for all patches. They seem to be targeting zero days only.

Uhley cautioned that not every update would use the new mechanism.

http://blogs.adobe.com/asset/2012/03/an-update-for-the-flash-player-updater.html
[quote]
I do want to note that we are not promising that all Flash Player updates going forward will be completely silent. We will be making the decision to silently install on a case-by-case basis. For instance, any update that changes the default settings of Flash Player will require confirmation from end-users even if they have already agreed to allowing background updates. Today’s update is an example of where confirmation would be required since we are changing how updates get applied to the user’s machine. However, we could apply a zero-day patch without requiring end-user confirmation, so long as the user has agreed to receiving background updates. Adobe will also continue to release feature-bearing releases that will trigger an update notification to users that highlight new and exciting features to the Flash Player.[/quote]
So now we have a installer adding another scheduled task and service just to update a browser plugin?

BTW, both the sched' task and service remain even if you select the "never" option.

Here's a novel idea, maybe it's time for Adobe to spend some time doing code review and write some secure code. All these security flaws in a browser plugin? Come on folks.
The new version of the plugin crashes on my Kubuntu 10.04.4 LTS desktop when trying to use Google Streetview.

Diary Archives