
Security updates available for Adobe Flash Player - d99kris
http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
======
just_observing
Yet another chance for Adobe to try and get people to install McAfee which is
an "Optional offer" but checked by default. Bad form.

~~~
01Michael10
That sucks... I won a free download of Google Chrome when updating my Flash!

------
praseodym
Apple has blocked the old version as of 10 hours ago:

APPLE-SA-2014-02-04-1 OS X: Flash Player plug-in blocked

Due to security issues in older versions, Apple has updated the web plug-in
blocking mechanism to disable all versions prior to Flash Player 12.0.0.44.

Information on blocked web plug-ins will be posted to:
[http://support.apple.com/kb/HT5655](http://support.apple.com/kb/HT5655)

------
d99kris
The relevant part:

 _These updates address a critical vulnerability that could potentially allow
an attacker to remotely take control of the affected system. Adobe is aware of
reports that an exploit for this vulnerability exists in the wild, and
recommends users update their product installations to the latest versions._

~~~
mnordhoff
"relevant part?" They say that every month. The only surprising thing is that
it's "critical vulnerability," singular, not "critical vulnerabilities,"
plural.

~~~
mnordhoff
Ahem. Grumbling and bad jokes aside, you're right. The fact that Adobe
believes it's already being exploited is unusually concerning.

------
joosters
Although the security bulletin is dated February 4th, did the updates roll out
before then? I just visited the 'About Flash Player' page and it claims that I
am up to date already.

------
cheald
Doesn't seem to be shipping with Chrome beta yet.

Edit: Just got the update.

------
01Michael10
When the hell is Adobe going to include a way to manually check for updates
and then automatically install the update within their control panel applet?

~~~
praseodym
They already have that on OS X.

~~~
kogir
No, they just open a new browser window to the binary download. It most
definitely does not auto-update in place.

------
throwwit
Mozilla's update page says: "These plugins are up to date Shockwave Flash 12.0
r0 12.0.0.38" (the Jan 24th update)

~~~
Aaronn
It told me it was vulnerable.

------
brianzelip
If you use a browser privacy tool like Ghostery[0] to block Adobe's Omniture
tracker, it'll have to be unblocked in order to download the new version of
Flash.

[0] [https://www.ghostery.com/](https://www.ghostery.com/)

------
pasbesoin
I noticed that Ubuntu 12.04 LTS pulled down a 7 KB or so installer shim,
instead of the full installer.

From my perspective, BAD! I hate this installer shim BS.

~~~
mnordhoff
I think it's some sort of legal thing. You know, distribute 7 KB FOSS shell
script, no proprietary software here, folks, nuh-uh.

The partner repository (which is for non-free software) contains a real,
non-shim adobe-flashplugin package, if you like.

~~~
pasbesoin
Interesting point.

They do it in the Windows world, too, though. Leading to people learning to
seek out their .../distribution3 page (IIRC), where the full installers are
linked.

In the Windows world, the shims bork more easily, and they don't seem to add
any benefit.

I haven't really been paying much attention in Ubuntu; I just happened to
notice this, today. On Ubuntu, Flash updates via the update manager have been
mostly "just working", and I have most Flash blocked, anyway.

Back to Windows: Whenever I have to maintain multiple machines with some or
all of them perhaps currently off-line, this shim business quickly becomes a
pain in the ass.

------
corresation
By default, Flash only checks if there are updates every 14 days, and in my
experience only actually does on system restart.

[http://www.macromedia.com/support/documentation/en/flashplay...](http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager05.html)

That is a bit bizarre given that it is in tight competition with Java (which
also features enormous update issues) as the biggest security vulnerability on
most systems.

~~~
wila
The Flash (and Java for that matter) update mechanisms are a big nuisance.
Having to go visit the site manually is also not very convenient.

So I end up using a 3rd party that actually checks the plugins and gives me a
direct update link if the plugin is not up to date.

[https://browsercheck.qualys.com/?scan_type=js](https://browsercheck.qualys.com/?scan_type=js)

Not perfect, but it helps me.

------
fuckpig
Should be a sticky.

