Adobe Flash enables auto-updating while patching two critical flaws

SophosLabs: Adobe released Flash Player version 11.2.202.228 for Windows, OS X and Linux today. In my view this is a milestone release as it finally introduces an automatic, silent updating mechanism to help users stay current with the latest releases from here forward.

Google Chrome users may consider themselves spoiled, as they have been enjoying the worry-free joy of automatic updating of both their browser and integrated plugins like Flash Player for quite some time.

To obtain the latest Flash Player you should visit http://get.adobe.com/flashplayer. Windows users will be presented with a new dialog box during installation prompting them to enable automatic updating.

I highly recommend choosing the option “Install updates automatically when available (recommended)” as there is nearly no downside with keeping your Flash Player up to date.

In addition to the new updater, this Flash update fixes two critical Flash vulnerabilities. The fix for CVE-2012-0772 addresses a memory corruption vulnerability that could lead to remote code execution on Windows 7 and Vista computers.

CVE-2012-0773 is also fixed in this release and addresses another memory corruption bug that can result in remote code execution on all Flash Player platforms.

Leave a Comment

Your email address will not be published. Required fields are marked *