Adobe announces automatic, silent updates for Flash
Adobe has announced that its Flash Player will update itself silently and automatically from the new release.
Announcing the release of version 220.127.116.11 for Windows, OS X and Linux, the company said it will automatically update from now on. Users have to select the option 'Install updates automatically when available (recommended)' for their Flash player to update itself.
Wolfgang Kandek, CTO of Qualys, said that he highly recommended having the latest version of Flash, as this will increase resilience.
He said: “If the user opts in, the player will in the future silently update all browsers on the system to the most current version of Flash. We highly recommend to opt in – running on the latest version of Flash adds considerable resilience to one's setup, plus it avoids the chore of updating all of your installed browsers by hand.”
Graham Cluley, senior technology consultant at Sophos, told SC Magazine that he felt this feature was "terrific". He said: “It is better to turn it on as we see so many Adobe vulnerabilities and exploits against them. Updating of Adobe products has been a problem, and while this will not be the end of exploits, at last we have regular updates.”
Adobe also patched two critical vulnerabilities with the launch: CVE-2012-0772 addresses a memory corruption vulnerability that could lead to remote code execution on Windows 7 and Vista computers; while CVE-2012-0773 addresses another memory corruption bug that can result in remote code execution on all Flash Player platforms.
Kandek said: “The update applies to all operating systems, Windows, Mac OS X, Linux and Solaris, and is rated 'priority 2', meaning Adobe is not aware of an exploit code in the wild and suggests installation within the next 30 days.”