Adobe Flash Player APSB12-07 - 28 March 2012
Adobe released a critical update today for Flash Player.
The basic gist is that most of the platforms are exposed to a crash and a remote attacker can get potential control of your system. Details elude to memory corruption as the cause, which are patched with this update.
Another, highlight is that this update comes with an auto-update feature for the Flash player. The link below seems to only cite this feature for Window's users. I've not had a chance to hit my OS X systems with this update, so I can not confirm whether it reaches the Mac. Post a comment and tell us this new whistle.
Get further details on this update here:
APSB12-07 http://www.adobe.com/support/security/bulletins/apsb12-07.html
Flash Auto-update Feature http://blogs.adobe.com/asset/2012/03/an-update-for-the-flash-player-updater.html
Adobe Security Bulletins http://www.adobe.com/support/security/index.html
Many thanks to our readers Michael, Toby, Fred, Rene' and Mike for keeping on top of things and sending in links to us.
Keep it coming!
APSB12-07 http://www.adobe.com/support/security/bulletins/apsb12-07.html
Flash Auto-update Feature http://blogs.adobe.com/asset/2012/03/an-update-for-the-flash-player-updater.html
Adobe Security Bulletins http://www.adobe.com/support/security/index.html
Many thanks to our readers Michael, Toby, Fred, Rene' and Mike for keeping on top of things and sending in links to us.
Keep it coming!
-Kevin
--
ISC Handler on Duty
×
Diary Archives
Comments
And, all indications are that the silent updater will not be used for all patches. They seem to be targeting zero days only.
Uhley cautioned that not every update would use the new mechanism.
http://blogs.adobe.com/asset/2012/03/an-update-for-the-flash-player-updater.html
[quote]
I do want to note that we are not promising that all Flash Player updates going forward will be completely silent. We will be making the decision to silently install on a case-by-case basis. For instance, any update that changes the default settings of Flash Player will require confirmation from end-users even if they have already agreed to allowing background updates. Today’s update is an example of where confirmation would be required since we are changing how updates get applied to the user’s machine. However, we could apply a zero-day patch without requiring end-user confirmation, so long as the user has agreed to receiving background updates. Adobe will also continue to release feature-bearing releases that will trigger an update notification to users that highlight new and exciting features to the Flash Player.[/quote]
txISO
Mar 29th 2012
1 decade ago
BTW, both the sched' task and service remain even if you select the "never" option.
Here's a novel idea, maybe it's time for Adobe to spend some time doing code review and write some secure code. All these security flaws in a browser plugin? Come on folks.
jthomas
Mar 30th 2012
1 decade ago
Hal
Mar 30th 2012
1 decade ago