Skip the navigation

Adobe promises to keep patching Flash on mobile ... but doesn't say for how long

Releases final version of Flash Player for Android

November 11, 2011 06:36 AM ET

Computerworld - Adobe has promised to support the soon-to-be-orphaned Flash Player plug-in for mobile browsers, but has not said how long it will continue to patch security bugs in the software.

In a blog post Wednesday, Danny Winokur, the Adobe executive in charge of interactive development, said that the company would release one more version of Flash Player for Android and RIM's PlayBook before calling it quits.

That last version, labeled 11.1, shipped today.

Winokur, however, pledged that Adobe would keep patching some bugs in Flash Player.

"We will of course continue to provide critical bug fixes and security updates [emphasis added] for existing device configurations," said Winokur.

His mention of "critical bug fixes" may not mean much, as Adobe typically rates all its Flash security updates as "critical" across the board.

Another Adobe manager repeated that promise.

"Adobe will continue to ship security updates for Flash Player mobile after the final feature release," said Brad Arkin, the company's senior director of product security and privacy, in a message on Twitter Thursday.

But neither Winokur or Arkin spelled out how long Flash Player 11 security updates will be offered for smartphones and tablets. And on Thursday, Adobe's public relations staff declined to comment on a support timeline.

That struck Andrew Storms, director of security operations at nCircle Security, as odd.

"Why would they not tell us?" Storms asked. "That's to the detriment of everybody. If they make a date [for the end of support], that would get users off it sooner and force developers to get off Flash, too."

Storms speculated that Adobe may not have yet decided, or that commitments -- such as to one or more mobile service providers -- may have tied their hands.

Adobe's support policies aren't any help in calculating Flash Player's remaining time because unlike Microsoft, which hews to a time-oriented support lifecycle -- five years for consumer products, ten for enterprise software -- Adobe does not. Instead, the company promises to support only the current major version and the one before that.

However, some times Adobe pulls the trigger early "as a result of changing market conditions and impact to customers," according to its website. Last February, for example, Adobe retired Flash Player 9 even though Flash Player 11 had not shipped, citing the former's five-year run and its paltry 2% market share at the time.

Adobe's handling of Shockwave Player may be a better clue: Although Shcokwave Player 11 was introduced in March 2008, Adobe is still pushing patches to users, most recently on Tuesday.

Ironically, Adobe did patch Flash Player Thursday, releasing 11.1 for not only Android but also desktop browsers on Windows, Mac OS X and Linux.

The update fixed 12 flaws, all considered critical, most of them memory corruption vulnerabilities.

Yesterday's update was the ninth this year for Flash Player, nearly double the number Adobe released in all of 2010.

Users running desktop browsers other than Chrome -- Google also updated its browser, which includes Flash Player, on Thursday -- can download the patched version from Adobe's site.

Android users can obtain Flash Player 11.1 from the Android Market.

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at Twitter@gkeizer, or subscribe to Gregg's RSS feed Keizer RSS. His e-mail address is gkeizer@ix.netcom.com.

Read more about Mobile Apps in Computerworld's Mobile Apps Topic Center.



Our Commenting Policies
Consumerization of IT: Be in the know
consumer tech

Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!