Adobe pushed out a security update for its Flash Player Wednesday, patching two critical holes and introducing a new silent update option. The update, Adobe Flash Player 11.2, addresses two memory corruption vulnerabilities in Windows, Mac, Linux and early Android builds that could lead to remote code execution according to a bulletin (APSB12-07).
Users updating to 11.2 on Windows machines will notice a new background updater for Flash that has been shipped with the patch as well.
After users update Flash, they’ll be asked how they want to receive Adobe updates going forward. The updater gives three options, including one that will automatically install updates in the background. If selected, the updater will check with Adobe every hour until it receives a response. If there’s no available update, the updater will check back 24 hours later.
“The new background updater will provide a better experience for our customers, and it will allow us to more rapidly respond to zero-day attack,” according to Peleus Uhley, who wrote about the update on Adobe’s Secure Software Engineering Team (ASSET) blog Tuesday.
Adobe first introduced the automatic updater concept back in 2010 for its Reader and Acrobat products in order to keep its users more up to date.
Uhley cites Google and the success they’ve seen with the automatic updater in its Chrome browser as a driving force behind Adobe’s move to its own silent updater.
Mozilla announced it was working on plans for a silent updater of its own, for Firefox 12, earlier this month.
The patch is Adobe’s second for Flash this month. The company also issued an emergency patch on March 5 to fix two critical holes that could’ve allowed an attacker to remotely take over a machine.
