Category Archives: Adobe

Flash 21.0.0.197

According to the announcement, the latest version of Flash – released on March 23 – fixes a specific bug that was causing problems for some Flash games.

A review of the release notes seems to show that Flash 21.0.0.197 doesn’t contain any security fixes, so this isn’t an urgent update. Unless of course you’re having trouble running Flash games in your browser.

The announcement for 21.0.0.197 contains at least one error: it shows the new PPAPI version of Flash, used in Chrome, Opera, and other Chromium-based browsers, as 21.0.0.286. My own tests, as well as the official release notes, show that the new PPAPI version is actually 21.0.0.197. I reported the discrepancy to the author.

There is no new version of Flash for Internet Explorer and Edge on Windows 8.x and 10; the latest is Flash 21.0.0.182.

As usual, Chrome will update itself with the new version of Flash.

Emergency update for Flash

If you use a web browser with Flash enabled, you should stop what you’re doing and update Flash.

According to the associated Adobe security bulletin, Flash 21.0.0.182 fixes twenty-three security vulnerabilities, including one (CVE-2016-1010) that is being actively exploited on the web.

The release notes for Flash 21.0.0.182 provide additional details. The new version fixes several bugs that are unrelated to security, and adds some new features.

As usual, Chrome will update itself with the new version of Flash, and Internet Explorer and Edge on newer versions of Windows will be updated via Windows Update.

Patch Tuesday for March 2016

It’s time once again to roll up the sleeves and get patching. This month we have thirteen security bulletins and associated updates from Microsoft. The updates address at least forty-four security vulnerabilities in Windows, Internet Explorer, Edge, Office, Windows Server, and .NET. Five of the updates are flagged as Critical.

Adobe’s contribution this month is new versions of Acrobat/Reader. You may have noticed that Adobe has confused things by splitting Acrobat/Reader into several variations: classic, continuous, and desktop. According to Adobe, the continuous variant always has all the most recent updates, fixes, and new features. I think it’s safe to assume that’s the variant most people should be using. The new continuous version of Reader is 15.010.20060. All of the new versions include fixes for three security vulnerabilities.

Patch Tuesday for February 2016

Thirteen security updates from Microsoft this month address over forty issues in Windows, Internet Explorer, Edge, Office, server software and .NET. Six are flagged as Critical.

In keeping with their recent practice of tagging along with Microsoft, Adobe also just released several updates, most notably for Flash. The latest version of Flash is now 20.0.0.306. As usual, Internet Explorer on Windows 8.1 and 10 and Edge on Windows 10 will get their new Flash via Windows Update, and Chrome will update itself with the latest Flash. The associated security bulletin gets into all the technical details. A total of 22 vulnerabilities are addressed in the new version.

More Flash updates

The latest version of Flash is 20.0.0.286, for most browsers. Microsoft Edge and Internet Explorer on newer versions of Windows are apparently still stuck at Flash 20.0.0.272.

Sadly, the information on the Adobe site related to these updates is inconsistent, confusing, or just missing.

The About Flash page doesn’t seem to agree with the announcement page. The former shows “Internet Explorer (embedded – Windows 8.x) – ActiveX 20.0.0.286”, while the latter shows “Flash Player 20 for Internet Explorer on Windows 8.1: 20.0.0.272”.

The Flash runtime announcement says “Security update details can be found here: Security Bulletin (APSB16-01)”. But the APSB16-01 bulletin is for the previous Flash updates. The linked URL is also wrong; it points to an even older bulletin: APSB15-32. And to top it off, the security bulletin that should exist (APSB16-02) for this update currently generates an error.

Hopefully Adobe will fix this mess ASAP.

Meanwhile, although the announcement doesn’t mention any security fixes in the new versions, it’s safe to assume they exist, so you should update Flash in any browser where it’s enabled.

As usual, Internet Explorer on new versions of Windows will receive these updates via Windows Update, and Chrome will get its new Flash automatically.

Update 2016Feb02: I reported the announcement and bulletin problems (noted above) to the author of the announcement. He replied that the About page would be fixed, and that he had fixed the link to the bulletin on the announcement page. Unfortunately, that link now goes to the bulletin for the previous Flash release. The author claims that bulletin still applies, but it really doesn’t, since it recommends the previous version of Flash.

Update 2016Feb04: According to the author of the announcement, there were effectively no changes in this Flash update. Certainly there were no security fixes. A link to the previous security bulletin was included simply because it was the most recent bulletin. The link text will be changed to make this more clear.

Shockwave 12.2.3.183 released

A new version of the Shockwave player is available from Adobe. The official download page correctly shows the new version as 12.2.3.183, and that’s what you’ll get if you install Shockwave Player from there.

Unfortunately, Adobe still lags behind in updating other web resources related to Shockwave. The Shockwave Player help page, which detects the version you’re running, correctly identifies the installed version, but claims that the newest version is 12.1.9.159. The release notes page for Shockwave 12.x lists the latest version as 12.2.1.171.

If you use a web browser with Shockwave enabled, you should install version 12.2.3.183 as soon as possible, because there are almost certainly security fixes in the new version.

Patch Tuesday for January 2016

This month’s Microsoft updates are more interesting than usual, in that they are the last for versions of Internet Explorer earlier than 11. No more patches for older IE versions means you should avoid using them if at all possible, since they are likely to become a major target for malicious persons intent on spreading malware and increasing the size of their botnets.

It’s interesting to speculate on how much of a hit Microsoft will take in terms of browser share once people move away from IE 8, 9, and 10. Estimates vary, but I’ve seen recent numbers that show IE 8 at 9%, IE 9 at 7%, and IE 10 at 4%. If everyone does the right thing and switches browsers, Microsoft could lose as much as 20% of their browser market share.

There are ten updates from Microsoft this month, affecting Windows, Internet Explorer, Edge, MS Office, Visual Basic, Silverlight, and Exchange Server. Six of the updates are flagged as Critical. A total of twenty-five vulnerabilities are addressed.

When installed, the Silverlight update will bump the software’s version up to Build 5.1.41212.0. Silverlight’s release notes page has been updated to show what’s changed.

Three security advisories were also published by Microsoft today, the most interesting of which is titled Deprecation of SHA-1 Hashing Algorithm for Microsoft Root Certificate Program.

Adobe joins the fun once again this month, but this time we only get an update for Reader that addresses fifteen vulnerabilities. Surprisingly, there are no updates for Flash.

Update: Support for Windows 8 has also ended. Anyone still using Windows 8 should upgrade to Windows 8.1 to continue receiving updates.

Clarification: Microsoft will still develop security updates for Internet Explorer 7, 8, 9, and 10, as well as Windows XP, Vista, and Windows 8, because they are still supported for some business clients, and for some Windows Server versions. The updates just won’t be available to regular folks.

Flash 20.0.0.267 fixes numerous security issues

There’s a holiday present from Adobe in the form of yet another new version of Flash. This one fixes at least nineteen security vulnerabilities – including one that is currently being exploited on the web – as well as a few other bugs. There are additional details in the release notes.

As usual, Chrome and Internet Explorer will get the new version via their own update mechanisms.

If you use Flash in a web browser, push that plate of turkey leftovers to the side and install the new Flash ASAP.

Update 2016Jan02: On January 1, Adobe released another version of Flash, this time just for the ActiveX version used in older versions of Internet Explorer on Windows 7 and earlier. According to the updated release notes, Flash 20.0.0.270 includes one change: “Fixed loading problem with Flash Player in embedded applications”.

Adobe’s plans for Flash

Adobe’s plans to phase out Flash continue. Early in 2016, the software used to create Flash video will be renamed from Flash Professional to Adobe Animate CC. The new software will still be able to produce Flash videos, but it will focus more on HTML5 video.

The ubiquitous and notoriously insecure Flash player – the one that lets you play Flash video in your browser – will continue to be developed and supported by Adobe for at least the next five (and maybe ten) years. But Adobe is making it easier for video producers to move away from Flash and toward HTML5.

Meanwhile, Google has announced that they will start blocking Flash-based advertisements, which should provide the necessary motivation for advertisers to move away from Flash.

Shockwave player 12.2.2.172

According to FileHippo’s release history for Adobe Shockwave Player, Shockwave 12.2.2.172 was released on November 25, 2015.

The official download page for Shockwave confirms that the latest version is 12.2.2.172. Unfortunately, the official release notes for Shockwave show the latest version as 12.2.1.171.

Worse still, Adobe’s Shockwave version checker page tells me this: “Sorry, your computer does not have the latest Shockwave Player installed. Please go to step 2. (Your version:12.2.2.172 Latest Version:12.1.9.159)” It’s trying to tell me that 12.1.9.159 is the latest version (it isn’t) and that the version I’m running (which is in fact the latest version) is both out of date and somehow older than a version which is clearly the older of the two (12.1.9.159 is older than 12.2.2.172).

Hey Adobe: it’s hard enough to keep our software up to date without you sending us mixed messages.