Adobe Patches Flash Player, Unveils New Silent Updater

Adobe pushed out a security update for its Flash Player Wednesday, patching two critical holes and introducing a new silent update option. The update, Adobe Flash Player 11.2, addresses two memory corruption vulnerabilities in Windows, Mac, Linux and early Android builds that could lead to remote code execution according to a bulletin (APSB12-07).

Adobe Flash updaterAdobe pushed out a security update for its Flash Player Wednesday, patching two critical holes and introducing a new silent update option. The update, Adobe Flash Player 11.2, addresses two memory corruption vulnerabilities in Windows, Mac, Linux and early Android builds that could lead to remote code execution according to a bulletin (APSB12-07).

Users updating to 11.2 on Windows machines will notice a new background updater for Flash that has been shipped with the patch as well.

After users update Flash, they’ll be asked how they want to receive Adobe updates going forward. The updater gives three options, including one that will automatically install updates in the background. If selected, the updater will check with Adobe every hour until it receives a response. If there’s no available update, the updater will check back 24 hours later.

“The new background updater will provide a better experience for our customers, and it will allow us to more rapidly respond to zero-day attack,” according to Peleus Uhley, who wrote about the update on Adobe’s Secure Software Engineering Team (ASSET) blog Tuesday.

Adobe first introduced the automatic updater concept back in 2010 for its Reader and Acrobat products in order to keep its users more up to date.

Uhley cites Google and the success they’ve seen with the automatic updater in its Chrome browser as a driving force behind Adobe’s move to its own silent updater.

Mozilla announced it was working on plans for a silent updater of its own, for Firefox 12, earlier this month.

The patch is Adobe’s second for Flash this month. The company also issued an emergency patch on March 5 to fix two critical holes that could’ve allowed an attacker to remotely take over a machine.

Suggested articles

Discussion

  • Anonymous on

    Wow finally making a little progress? I wonder if the silent updater is service based. If not ,they have released another piece of junk that doesn't help business IT. It is nice that they started releasing update catalogs for SCCM, but what are IT departments without SCCM suppsed to do? Users can't run flash updates. A service installed by an admin can.

    The fact that has taken them this long to get this this point in security development is really scary actually. Get it together Adobe. Now that I am done complaining, I guess I will go back to applying the 47 million updates in order that it takes to upgrade the adobe 9 PRO media to 9.whatever the current version is. Still no cumulative patch, still only 9.0 vanilla ISO/ZIP available. Adobe...You suck. Thanks a lot.

  • Anonymous on

    I stick to my vbscript running as scheduled task with highest privileges to update flash player in the background... works like a charm as long as Adobe doesn't change their Flashplayer about page or the file naming schema.

     

  • FrancesGates on

    All must know some facts just about this good topic, because it is worth to purchase essay writing and essay for sale in the writing services or it’s available to buy essay in such situation!
  • Anonymous on

    The more it goes, the more I feel like they will claim property of our own computers. I have never noticed a benefit from an Flash update, only noticeable changes were more like "eek why so many crashes now ?". To enforce the next invasive update ?

    But I fell as a threat that they can just install any kind of functionality whenever they want (my PC is private), without justification. People should know better. The descriptions of the issues they pretend to fix are opaque.

    I guess there are Open Source alternatives, I will consider this from now on.

    Oh, and reading this message will infect your device with all known threatening strands at once no matter what. Word.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.