Category Archives: Patches and updates

Another new version of Adobe Flash

Yesterday, in yet another attempt to finally get it right, Adobe announced a new minor release of its ubiquitous (and problematic) Flash player for all platforms. The new release takes us from the 10.3 series to 10.4.

Additional details are available in the in the related Security Bulletin.

As usual, the new version addresses security issues that could lead to attacks on systems running older versions. It also includes a few new features; the release notes cover all the changes.

Windows and Mac users should update to the new version (11.4.402.265) as soon as possible. Attacks based on this vulnerability are spreading fast on the Internet.

Updates for Adobe Flash, Shockwave and Acrobat Reader

Adobe issued several new bulletins today.

First up is Adobe Acrobat and Acrobat Reader. Adobe security bulletin APSB12-16 announces Reader and Acrobat versions 10.1.4 and 9.5.2, which address a specific crashing problem that could allow an attacker to gain control of affected computers.

Next is Adobe security bulletin APSB12-17. This bulletin announces version 11.6.6.636 of Shockwave. Once again, the new version addresses a security issue.

Finally, a new version of the Flash player is announced in Adobe security bulletin APSB12-18. The new version is 11.3.300.271, and it addresses yet another crash-leading-to-possible-exploit security problem. As mentioned previously here, Google Chrome users will receive the new version of Flash for Chrome with the latest version of that browser. It remains to be seen whether this latest fix will resolve the long-standing crashing problems with the Flash player on Windows 7 systems.

August 2012 Patch Tuesday

Another Patch Tuesday is here, and this time there are nine bulletins, with associated patches affecting most versions of Windows and Microsoft Office. Several of the Windows patches are classified as critical.

Details on the August 2012 patches are posted on the Microsoft Security Bulletin site.

The patches are now available via Microsoft Update. Computers configured for automatic updates should start receiving them overnight.

August 2012 Patch Tuesday advance warning

Microsoft will be issuing several patches for Windows, Office, and other software on August 14, 2012. According to the advance bulletin, there are nine updates in all, with five affecting various versions of Windows, and three affecting various versions of Office.

A total of 14 vulnerabilities will be addressed by the patches. Five of the bulletins are rated critical.

Additional details will be posted here as they are made available in the lead-up to Patch Tuesday.

Latest Chrome browser includes more stable Flash

According to Google’s Chromium blog, the most recent version of the Chrome web browser (21.0.1180.60) includes a new version of Flash that uses a more stable technology for integration into the browser.

According to Google:

Beyond the security benefits, PPAPI has allowed us to move plug-ins forward in numerous other ways. By eliminating the complexity and legacy code associated with NPAPI, we’ve reduced Flash crashes by about 20%.

That sounds promising. Given the massive, ongoing problems with Flash in all browsers, it’s encouraging to see any kind of progress. Of course, this only affects Chrome. Also, it would be nice to see crashes reduced by a number approaching 100%. Oh well.

Update for Flash Player Update Service

If you use Adobe Flash Player on Windows (and who doesn’t, really?) you may have noticed that recent versions include an auto-update system. This software runs on your computer in the background, checks for new versions of Flash, and optionally updates Flash automatically. It’s called the Flash Player Update Service.

Yesterday, Adobe released an update for the Update Service to address a crashing problem in the service. The Flash player itself was not changed, and no other changes were made to the Update Service.

So, despite the fact that this update to the Update Service does not affect Flash itself, Adobe packaged the update in a ‘new’ version of Flash: 11.3.300.270. Confusingly, this ‘new’ version of Flash will not appear on the Product Download Center, although it will appear on various other pages on the Adobe web site. At the time of this posting, the Download Center still shows version 11.3.300.268. Apparently the Update Service crashing issue was so serious that Adobe didn’t have time to get everything right.

Note that this crashing problem is totally unrelated to the ongoing crashing problems of the Flash player itself. In the 11.3.300.270 announcement, Adobe refers to the Flash player crashing problem, asking users to provide crash reports to assist in diagnosing it. A previous Flash player update (11.3.300.268, released July 26, 2012) was Adobe’s most recent attempt to resolve the player’s crashing problems.