Flash Player 11.2 fixes vulnerabilities + automatic update

[Antony]

Adobe released Flash Player 11.2, addressing two critical arbitrary code execution vulnerabilities and introducing a silent update option.

One of the patched vulnerabilities stems from how older versions of Flash Player checks URL security domains, and only affects the Flash Player ActiveX plug-in for Internet Explorer on Windows 7 or Vista.

Both vulnerabilities can trigger memory corruptions and can be exploited to execute arbitrary code remotely. However, Adobe is not aware of any exploits for these flaws being used in online attacks at this time, said Wiebke Lips, Adobe's senior manager of corporate communications.

The latest Flash Player can be obtained at http://get.adobe.com/flashplayer/

It is interesting to note that “silent update” has been introduced in Flash Player 11.2. Unlike Mozilla (or Google Chrome), users will be given a choice whether or not to allow software update automatically. And even when the automatic update option is enabled, Adobe will decide on a case-by-case basis which updates will be deployed silently and which won't. Those that change the Flash Player default settings will require user interaction.

For more detail, please refer to http://blogs.adobe.com/asset/2012/03/an ... dater.html

UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.2.28) Gecko/20120306 AlexaToolbar/alxf-2.14 Firefox/3.6.28

[Fulvio]

Other than knocking Mozilla(and Chrome) silent update policy, what is this post doing here?
As far as I am concerned, I do get info about available updates, mostly through Secunia PSI, and this update has not come up. I was able to download it, to my Desktop. When, I clicked on the Installer,I had to uncheck a box,which would have led me to install unwanted software (don't they all do it?). And, I had the choice, like Mozilla has had all along, to select to be informed when there are updates, although the silent update is recommended.
So far, I have had no silent updates from either any Mozilla or Chrome products. I know how to block them.

UserAgent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20120312 Firefox/11.0 SeaMonkey/2.8

[Antony]

Other than knocking Mozilla(and Chrome) silent update policy, what is this post doing here?

Flash Player is an important plug-in for browsers.

Flash Player will join Mozilla (and Chrome) on silent updating.
Also from what I read, Adobe's Flash player's updating won't be like Mozilla's “just do it” stealth style approach, which in my opinion is worth pointing out.

UserAgent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.7; en-US; rv:1.9.2.28) Gecko/20120306 AlexaToolbar/alxf-2.14 Firefox/3.6.28

[ncd]

Other than knocking Mozilla(and Chrome) silent update policy, what is this post doing here?

Flash Player is an important plug-in for browsers.

Flash Player will join Mozilla (and Chrome) on silent updating.
Also from what I read, Adobe's Flash player's updating won't be like Mozilla's “just do it” stealth style approach, which in my opinion is worth pointing out.

FWIW, I believe the bug fixes make the previous version of Flash acceptable. That is the version I've stuck with, instead of moving to 11.2.xxx

NPSWF32. DLL Version_10.3.183.18

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19pre) Gecko K-Meleon/1.6.0

[Fulvio]

I knew what the Flash update was for, but I was questioning the correctness that Mozilla will do silent updates, with no way to control them. This is completely untrue, so far. I have, never, had an update which I did not want. Seamonkey has the setting in Edit|Preferences|Advanced|Software Installation which can be set to check for updates, and there is a box which may be checked, by default, to download and install updates. I have unchecked the box, from day one. Firefox is a bit different, with the setting being: Tools|Options|Advanced|Updates| with two choices, in addition to the silent update. I, always, used the middle choice. Thunderbird uses the same path, except that the wording is slightly different.
As for Chrome, I don't use it much, but, for a while I was able to disable the silent updates.
Now, if there are differences in Macs, I cannot comment, but let's stick to the truth, please.

UserAgent: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20120312 Firefox/11.0 SeaMonkey/2.8