Adobe streamlines Flash Player updates by going silent
And it drops Flash support for Microsoft's IE6
Computerworld - Adobe yesterday released Flash Player 11.2, adding silent updating to speed patching of "zero-day" vulnerabilities in the Windows edition.
"Improving the update process is probably the single most important challenge we can tackle for our customers at this time," Peleus Uhley, a senior security researcher at Adobe, said in a Tuesday blog entry.
On Windows -- silent update will come to the Mac later, the company said -- Flash Player 11.2 checks for security updates, then downloads and installs them without bothering the user.
The background update tool pings Adobe's servers every hour until it gets a response. If it reaches Adobe and finds no ready update, the tool re-checks the servers 24 hours later.
The updater's default setting can be changed so that Flash Player continues to notify the user when updates are available.
Like Mozilla's Firefox, which is also working toward silent updates, Flash Player relies on a customized Windows service to automatically install patches without displaying a User Account Control (UAC) prompt in Windows Vista and Windows 7.
Flash Player 11.2's background updater refreshes both versions of the Windows plug-in: The one used by Microsoft's Internet Explorer and the one for all other browsers. "This will solve the problem of end-users having to update Flash Player for Internet Explorer separately from Flash Player for their other browsers," Uhley said.
Chrome is the exception, since Google's browser includes Flash Player; Chrome's own update mechanism will continue to handle Flash patches.
Everyone could use a break from manually patching Flash Player. Adobe has already rolled out two batches of fixes this year, most recently on March 5, and it patched Flash nine different times in 2011.
Uhley cautioned that not every update would use the new mechanism.
"We will be making the decision to silently install on a case-by-case basis," said Uhley, who hinted that it would primarily be used to distribute patches for zero-day vulnerabilities where time is of the essence.
Adobe acknowledged that it's following Chrome's footsteps in silent updating. "This model for updating users is similar to the Google Chrome update experience, and Google has had great success with this approach," said Uhley. "We are hoping to have similar success."
Also yesterday, Adobe said it was demoting Flash Player on Internet Explorer 6 (IE6), the browser that Microsoft has been trying to kill for more than two-and-a-half years.
"Adobe will be dropping support for Internet Explorer 6 starting with today's release of Flash Player 10.3," said Uhley.
Future versions of Flash Player 10.3 will probably run on IE6 -- installation of the ActiveX control on the nearly-11-year-old browser won't be blocked -- but Adobe will no longer guarantee that Flash will work on the aged application.
Flash Player 11.2 for Windows can be downloaded from Adobe's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts