Tuesday, December 10, 2013

Adobe Critical Updates:
Flash Player, AIR, Shockwave Player


It's the fourth quarterly, second Tuesday of the month which means… 

It's Adobe Security Update Day!

Adobe is offering three critical security updates:

Adobe Flash Player v11.9.900.170
Adobe AIR v3.9.0.1380
Adobe Shockwave Player v12.0.7.148

Happily, there is no Adobe Acrobat / Adobe Player update required. The current version is

Adobe Security Bulletins are available here:

Security updates available for Adobe Flash Player [and Adobe AIR]
These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit designed to trick the user into opening a Microsoft Word document with malicious Flash (.swf) content exists for CVE-2013-5331. Adobe Flash Player 11.6 and later provide a mitigation against this attack….

These updates resolve a type confusion vulnerability that could lead to code execution (CVE-2013-5331).

These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2013-5332).
Security update available for Adobe Shockwave Player
This update addresses a vulnerability that could allow an attacker, who successfully exploits this vulnerability, to run malicious code on the affected system. Adobe recommends users of Adobe Shockwave Player and earlier versions update to Adobe Shockwave Player using the instructions provided in the "Solution" section above.

This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2013-5333, CVE-2013-5334).
. . .

Adobe has changed their updating process yet again. Using Adobe's update pages is now simple and logical. Thank you Adobe!

However, Adobe is again preventing users from downloading full installers of the Adobe Flash Player. Instead, all you get is a small installer application that requires access to the Internet in order to download the software components. This of course is entirely contrary to the Mac user experience. It is also annoying and inconvenient. If you have several computers to update, tough luck! If you want to update computers that are not connected to the Internet, tough luck! IOW: Retrograde user-hostility. No thank you Adobe!

I was also annoyed to see the Adobe Flash Player installer phone home to six different Adobe IP addresses during the installation. Six? Seriously? Just to be complicated?

Thankfully, Adobe has not pulled this stunt with the Adobe AIR or Adobe Shockwave Player installers. However, the Adobe AIR installer phones home to four different Adobe IP addresses. Adobe, I thought the ideal was to make installations simpler!


No comments:

Post a Comment