Adobe Patches Flash Player, Again

Thursday, March 29, 2012 @ 12:03 PM gHale


Adobe pushed out a security update for its Flash Player, patching two critical holes and introducing a new silent update option.

The update, Adobe Flash Player 11.2, addresses two memory corruption vulnerabilities in Windows, Mac, Linux and early Android builds that could lead to remote code execution according to a bulletin.

RELATED STORIES
Adobe Patches ColdFusion Flaw
Flash Player Flaws Fixed
Firefox Patch Hikes Security
IE Sandbox Next for Flash Player

Users updating to 11.2 on Windows machines will notice a new background updater for Flash that shipped with the patch as well.

After users update Flash, they will be asked how they want to receive Adobe updates in the future. The updater gives three options, including one that will automatically install updates in the background. If selected, the updater will check with Adobe every hour until it receives a response. If there’s no available update, the updater will check back 24 hours later.

“The new background updater will provide a better experience for our customers, and it will allow us to more rapidly respond to zero-day attack,” said Peleus Uhley, who wrote about the update on Adobe’s Secure Software Engineering Team (ASSET) blog.

Adobe introduced the automatic updater concept back in 2010 for its Reader and Acrobat products in order to keep its users more up to date.

Uhley cites Google and the success they’ve seen with the automatic updater in its Chrome browser as a driving force behind Adobe’s move to its own silent updater.

Along those lines, earlier this month Mozilla said it was working on plans for a silent updater of its own, for Firefox 12.

The patch is Adobe’s second for Flash this month. The company also issued an emergency patch on March 5 to fix two critical holes that could’ve allowed an attacker to remotely take over a machine.



Leave a Reply

You must be logged in to post a comment.