Posts tagged ‘Adobe Flash Vulnerabilities’

Adobe Flash Player Gets Security Updates on 2012 Election Day

While the world is paying all attention to the battle between Obama and Romney on 2012 Election Day, Adobe has quietly released new security updates for its vulnerable Adobe Flash Player. The security updates covers five bugs of Adobe Flash Player running in different platforms like Windows, Macintosh, Linxu and Android and two bugs of Adobe AIR designed for Windows and Macintosh or SDK and Android. With the new updates, users can not only free from the irritation brought by the easily crashed Flash Player but also make sure their systems can stay away from the potential danger of being controlled by hackers.

Adobe Flash Player versions for systems

Generally speaking, users can get the new security updates by downloading the latest version of Adobe Flash Player from Adobe Flash Player Download Center. However, the method won’t work for IE 10 and Chrome users. Functioned as plug-in in IE 10 and latest Chrome, Adobe Flash Player can’t benefit from security updates sent by Adobe. Only when official updates from Microsoft and Google are released can IE 10 users can Chrome users have their Flash Player updated. This also explains why Microsoft fixed the Flash Player bugs with Adobe in October. In general, IE 10 users can get the updates via Windows Update or by installing the latest version of IE 10. However, Chrome users have no choice but wait some time for the coming of the latest version of Chrome.

According to the news released by Adobe, different systems require the installation of different versions of Adobe Flash Player to enjoy the latest security updates. While Adobe Flash Player has added support to Android systems ranging from Android 2.2 to Android 4.0, Adobe has also added address to Android 4.0, the dividing line for the cooperation between Android and Adobe Flash Player. Users with ICS devices need to install Adobe Flash Player 11.1.115.27 while users with mobiles running Android system below 4.0 are required to install Adobe Flash Player 11.1.111.24. However, Adobe also notes that the updates can only applicable to Android devices with Flash Player installed prior to August 15, 2012, the date when Adobe Flash Player retreated from Android market.   

According to some reports, the security updates are released to solve Adobe Flash vulnerabilities may lead to buffer overflow, memory corruption or even security bypass. As is known to most users, buffer overflow provides easy chances for hackers to take control of users’ system; memory corruption will lead to the crash of the program or even the system and security bypass may invalidate security measures like password protection. In fact, the vulnerable design is system is one of the reasons that lead to the fall of Adobe Flash Player. Though releasing bug-fixing plans for Adobe Flash Player on 2012 Presidential Election Day is viewed as Adobe’s celebrating method by some people, it may just be a coincident. After all, the later the security updates Adobe releases, the more dangers user’s computer gets.

Microsoft and Adobe Jointly Fix Adobe Flash Vulnerabilities

Shortly after Adobe released a patch for Adobe Flash vulnerabilities, Microsoft had unveiled an update exclusively designed to fix the vulnerabilities of IE 10 brought by Adobe Flash Player. Since Windows 8 is not covered in Adobe’s solution, similar update from Microsoft is quite necessary. However, the fact that Microsoft and Adobe Flash jointly fix Adobe Flash vulnerabilities is still quite surprising.

The solution provided by Adobe only works on plug-in version of Adobe Flash or Adobe AIR. Since Adobe Flash becomes a built-in component of IE 10, vulnerabilities of Windows 8 are beyond the reach of Adobe‘s solution. That’s to say, solution from Microsoft is the only way to get rid of those Flash vulnerabilities caused by Adobe Flash Player in Windows 8. However, while the world believes the update will come after the launch date of Windows 8, Microsoft’s decision to debut the solution on the same date with that of Adobe is still out of everyone’s expectation.

Actually the cooperation between Microsoft and Adobe is full of such surprises. While most major operation systems were rejecting Adobe Flash, Windows 8 decided to leave a room for it. As an alternative app to Adobe Flash developed by Microsoft in 2007, Silverlight was even replaced by Adobe Flash as the built-in component of IE 10 to help users gain access to Flash content. After Flash vulnerabilities in IE 10 were found, everyone believed that Adobe Flash lost its last chance in Windows 8. However, now it seems that Windows 8 users need to handle with Adobe Flash for quite a long time.

As a vulnerable application, Adobe Flash has brought one security concern after another to PCs in 2012. According to the latest patch from Adobe, 25 Flash vulnerabilities were covered including 14 buffer overflows and 11 memory corruption flaws. After applying the patch, the Adobe Flash Player version will be updated to 11.4.402.287. Meanwhile, the update released by Microsoft named Security Advisory 2755801 aims to wipe out those Flash vulnerabilities in IE 10. The fix will be updated automatically in Windows 8 systems with default update settings. For users who have banned automatic update function, they need to fix the bug manually.

However, even with the support of Windows 8, Adobe Flash still witnesses a tough way lying ahead. For one thing, the vulnerable application will be ceased to update in just a few years; for another, alternative apps like HTML5, Silverlight from Microsoft and Gianduia from Apple will definitely become more and more popular in the future.