
Critical Update for Adobe Flash Player

Adobe Systems Inc. today issued a security update to its Flash player to plug at least a dozen security holes in the software, including some that hackers have been using to break into vulnerable systems.


The latest update brings Flash player to version 10.0.32.18. Updates are available for most Flash installations on Windows, Mac and Linux machines. To find out what version of Flash you have, visit this page.

Adobe recommends that users of Adobe AIR version 1.5.1 and earlier versions update to Adobe AIR 1.5.2.

Bear in mind that depending on the number of Web browsers you use, you may need to install this update more than once. For example, Windows users who use both Internet Explorer and Firefox will need to visit the Flash download page with each browser. The IE update requires the installation of an ActiveX control, while the Firefox update page asks you to download and run an installation package (.exe). IE users may need to click on a blue bar that appears at the top of the browser window and select "install this add-on".

The Flash vulnerabilities also are present in Adobe Reader and Acrobat, and Adobe says it expects to ship an update for Windows, Mac and Linux versions of those titles on Friday.

Adobe's advisory for this patch is available here.

I'll be hosting another Security Fix Live online chat at 11 a.m. Friday, so if you've got a burning question that's tech-, privacy- or security-related, by all means drop it in the question box and I'll do my best to answer it.

By Brian Krebs  |  July 30, 2009; 8:06 PM ET
Categories:  Latest Warnings , New Patches , Safety Tips  | Tags: adobe flash patch 0day  

Comments

If I have IE8 on my PC but do not use it except as required for MS updates, do I need to do anything for it or can I just update my Firefox?

Thanks.

Posted by: Eremita1 | July 30, 2009 9:24 PM | Report abuse

I've had a problem with Google searches in Firefox redirecting for three days now. I've been running McAfee and Malwarebytes. (The drag is, MWB takes 1.5 hours to run.) I think my FF is corrupted, as Google searches took me to what looked to be spoofed pages for Spybot Search and Destroy and Mozilla support. The supposed Mozilla support page referred to this Flash problem and advised clicking to a link that took you to an Adobe Flash download page -- which also appears to have been spoofed. The page asks you to run, and not save, the .exe file, and it tells you to activate the ActiveX control (that should have tipped me off). The download took suspiciously long, and I belatedly noticed a typo on the page, so I stopped the process and deleted the resume program thoughtfully left on my Desktop. I'm now running Malwarebytes and McAfee again (both updated today) and I have 34 detections in McAfee and counting (none in Malwarebytes).

Posted by: gbooksdc | July 30, 2009 10:14 PM | Report abuse

Is there any way to install the latest version of Flash on IE without installing the Adobe Download Manager?

What an obnoxious company.

Posted by: bokamba | July 30, 2009 11:47 PM | Report abuse

I didn't realize that I had to do two different upgrades. I was still running 9.x on my IE 8! Ouch!

@gbooksdc: My wife was running into the same thing. See if you can find two wdmaud.sys files on your system. One is the real thing, the other is a Firefox hijacker. Scan both with virustotal.com. The trouble is a lot of antivirus programs don't see it as such.

Posted by: bytehead1 | July 30, 2009 11:56 PM | Report abuse

Adobe reached their market saturation point about 7 years ago but they're so lacking in awareness they don't know it.

Every time you download something from that company you get yet another spam-like marketing package where it seems like every application NEEDs to display the Adobe name and all it does is remind you how much you dislike them.

No thanks on the patch because unlike Adobe most viruses work in the background. I suspect I'd need to spend the usual 4 hours scrubbing my computer to get rid of all the Adobe spam-ware they enjoy including.

Posted by: Leofwine | July 31, 2009 6:50 AM | Report abuse

It seems that Adobe has one patch for IE and another for all other browsers.

This morning I updated IE, then Opera, and when I checked Chrome it was up to date, and I assume it was from my Opera patch. Weird.

Posted by: Bartolo1 | July 31, 2009 8:14 AM | Report abuse

There's a site 'Filehippo.com' which has available for download updates and prior versions for many popular programs including Firefox, Thunderbird, Flash, and AIR. They also wrote a utility to check your machine for software updates, so you're always up to date. It's a great site which does not require registration or extra software!

Posted by: dannews | July 31, 2009 8:34 AM | Report abuse

Can't install the latest Flash on Mozilla. It only offers save or cancel dialog boxes, and when I save to a hard disk and run, it installs it for Windows.

Posted by: pj48 | July 31, 2009 10:41 AM | Report abuse

pj48, "Windows" and "Firefox" aren't mutually exclusive. You're trying to install a version of Flash for Firefox/Chrome/Opera designed for PCs, rather than Macs. What happens when you visit http://www.adobe.com/products/flash/about/ using Firefox? (It'll tell you which version you have loaded on your computer.)

Posted by: Heron | July 31, 2009 10:50 AM | Report abuse

Thanks for the tip Heron, I have only used Firefox a couple of times and wasn't sure how it processed updates.

Posted by: pj48 | July 31, 2009 11:35 AM | Report abuse

With both ad and flash block extensions within Firefox, I'm puzzled why anyone would want flash enabled on their browser.

Posted by: tuzoner | July 31, 2009 11:49 AM | Report abuse

You're welcome, pj48. Firefox is set up by default to send downloaded programs to the "Downloads" folder in "My Documents" on the Desktop, too, in case you're wondering where to find them. It's a two-step process: you download the Flash installer, then double-click on the icon in the Downloads folder to install Flash.

Welcome to the world of Firefox! It's usually a friendlier place than IE Land.

Posted by: Heron | July 31, 2009 11:52 AM | Report abuse

It's maddening that Adobe now had to add the Download Manager to the Flash Player installation process.

This is one of the reasons I dumped Adobe Reader years ago. The Download Manager has had security issues in the past, not to mention it's another unwanted piece of software that raises a system's attack surface.

Enough with this requirement to have one piece of software (Download Manager) just to install another piece of software!

The only saving grace is you can go to Add/Remove programs and uninstall it. But what a crappy process and design, especially for a browser plug-in that is by nature small in file size and straightforward to install. Way to go Adobe! :(

Posted by: xAdmin | July 31, 2009 12:17 PM | Report abuse

@tuzoner
"With both ad and flash block extensions within Firefox, I'm puzzled why anyone would want flash enabled on their browser."

Unfortunately many sites use flash. YouTube is a great example. Also if you are into Twitter at all, TweetDeck requires Adobe AIR (which was also updated for a vulnerability). So unless you are really able to forgo surfing to many commercial sites, you might need flash.

Beth Jones, SophosLabs

Posted by: bethjones | July 31, 2009 12:49 PM | Report abuse

Beth Jones, SophosLabs:

Just to be clear: The Flash block extension will still let you play a flash item if you want. You can also exempt certain sites from being blocked as well.

Adobe AIR is another piece of bloat-ware trash in my opinion. Most can survive without TweetDeck and Adobe AIR. Trust me. LOL

Posted by: tuzoner | July 31, 2009 1:23 PM | Report abuse

I downloaded the Reader 9.1.3 patch (AdbeRdrUpd913_all_incr.msp) from the link in the Adobe advisory and double clicked to run it in the Admin account in WinXP Home.

I get a message "Windows does not recognize this file".

What have I missed?

Posted by: Robert76 | July 31, 2009 4:56 PM | Report abuse

@xAdmin-- i might be mistaken but i think the Adobe Download Manager that installs the IE version of Flash uninstalls itself upon restart.

@Robert76-- not sure why the installer file doesn't work directly, but try checking for updates from Reader directly (i was offered 9.1.3 when i checked and it installed without issue)

Posted by: cambridgemass | July 31, 2009 7:04 PM | Report abuse

Earlier this year, YouTube and other movie sites started stuttering badly. Frames were choppy and cpu usage went through the roof. After some investigation (via googling), I found out that it was Flash 10. Of course, months earlier, I had blindly upgraded to Flash 10 when a web site notified me that my Flash was out of date.

I 'downgraded' to Flash 9, and all was well again. Flash 10 was unusable garbage that brought my computers to their knees. Unless this new version also fixes the framerate problem, I'll risk it and stick with Flash 9.

Posted by: steve1231 | July 31, 2009 8:10 PM | Report abuse

@ cambridgemass

I confirmed the Download Manager does NOT uninstall after a reboot. Had to use Add/Remove Programs.

Normally, Flash installation/upgrade doesn't require a reboot. It may if a program that uses Flash is left running during the install/upgrade process.

I use the Flash Player uninstaller (must be downloaded from Adobe), then I install the new version via Adobe's website. Until this latest version, that process has NEVER required the installation of the Adobe Download Manager. Instead this time, I was prompted to install an ActiveX control for the Download Manager, which then launched, downloaded and installed Flash Player.

Flash Player is small in comparison to Adobe Reader or other downloadable Adobe products, so it's ridiculous to require the use of a download manager in order to install it. Adobe should at least give you the choice whether or not to use the Download Manager.

Posted by: xAdmin | August 1, 2009 12:30 PM | Report abuse

I should add that the ONLY Adobe product I use is Flash Player. So, there is no reason my system would benefit from the use of the Download Manager for any other Adobe products. Regardless, my stance has always been that Adobe should be giving users a choice in whether or not to use the Download Manager for ANY of their products. IMHO, it just adds to the bloat of their products and creates another piece of unwanted software to a system.

Posted by: xAdmin | August 1, 2009 12:38 PM | Report abuse

@xAdmin

i don't disagree with you at all- it really is an unnecessary component and i'm not sure why adobe now uses this method to install the IE active x component for Flash updates. but odd that it didn't uninstall on restart, on 4 XP SP3 systems i updated, an uninstall command was added to the startup menu to uninstall DLM upon the next reboot (and it did so successfully in all cases). but i don't disagree with your overall point at all...

Posted by: cambridgemass | August 1, 2009 2:28 PM | Report abuse

The comments to this entry are closed.

 
 

© 2010 The Washington Post Company