Android Jelly Bean won’t get Flash Player
As part of the slow death of Adobe's Flash Player, the company has announced it won't be making a certified version for Android's new 4.1 OS – aka Jelly Bean.
Adobe said on its blog that it won't be developing Flash for Android 4.1. The software company said it will also start taking steps to phase the player out of the Google Play Store by limiting access to updates to just those folks who already have it on their mobes. Read more...
Adobe fixes Flash Player for Firefox to stop crashes
Adobe yesterday updated Flash Player to solve a weeks-long problem for users of Mozilla's Firefox browser.
The update, Flash Player 11.3.300.262, was released Thursday and applies only to Firefox on Windows.
Since Adobe shipped an update to Flash Player to 11.3 two weeks ago, users of Firefox, including older editions as well as the current Firefox 13, had reported crashes when trying to access Flash content.
Initial suspicions at Mozilla pointed to Flash Player 11.3's new sandboxed plug-in for Firefox, but yesterday Adobe claimed that there were "different causes" for the crashes, which seemed to be concentrated on Windows Vista and Windows 7 machines. Read more...
Apple patches Safari, blocks outdated Flash Player
Apple on Wednesday patched four security vulnerabilities in Safari and blocked outdated versions of Adobe's Flash Player from running in its browser.
The Flash blocking move was similar to one Apple made last month when it stopped the Java plug-in from launching automatically.
Safari 5.1.7, which runs on OS X 10.6 and 10.7 -- Snow Leopard and Lion, respectively -- as well as on Windows XP, Vista and Windows 7, was released alongside another update for Lion that included a slightly-older version of the browser. Lion users must download and install both updates to push Safari to version 5.1.7. Read more...
Adobe preps silent Flash updates for Macs
Adobe last week released a new beta of Flash Player that includes silent updates for Macs.
Adobe first included silent updates for OS X in the Flash Player beta a month ago; the version shipped Friday was tagged as "Beta 3."
Adobe introduced silent updates for Flash Player on Windows in late March. At the time, the company committed to creating the same feature on OS X, but did not set a timetable. Read more...
Adobe to Linux users: Get Chrome or forget Flash
Adobe today said that it would stop offering direct downloads of Flash Player for Linux, telling users to move to Google's Chrome browser, which bundles Flash with its updates.
Today's demotion of Flash Player on Linux to Chrome-only was the second time in the last three months that Adobe has withdrawn some or all support from a version of the popular media software: In November, Adobe announced it was abandoning development of Flash for mobile browsers, including the new Chrome for Android .
In a roadmap for Flash Player (download PDF), Adobe unveiled its plans through 2012 and into 2013.
The last version of a separate Flash Player for Linux, 11.2, will be released this quarter, Adobe announced in the roadmap document. After that, Linux users who require browser-based Flash must switch to Chrome, Google's three-year-old browser. Read more...
Adobe confirms new zero-day Flash bug
Adobe on Wednesday patched seven critical vulnerabilities in Flash Player, including one reported by Google researchers that hackers are using in "active targeted attacks." The bug attackers have been exploiting is a cross-site scripting (XSS) flaw in the Flash Player plug-in used by Microsoft's Internet Explorer (IE).
"This update resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or Web mail provider, if the user visits a malicious website," read the Adobe security advisory that accompanied yesterday's Flash update. "There are reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message." Read more...
Adobe launches sandboxed Flash Player for Firefox, hopes for fewer exploits
Adobe has released a beta version of Flash Player for Firefox, which has better protection against vulnerability exploits because of a new sandboxed architecture.
"The design of this sandbox is similar to what Adobe delivered with Adobe Reader X Protected Mode and follows the same Practical Windows Sandboxing approach," said Peleus Uhley, platform security strategist at Adobe, in a blog post on Monday. "Like the Adobe Reader X sandbox, Flash Player will establish a low integrity, highly restricted process that must communicate through a broker to limit its privileged activities."
In secure software development, sandboxing refers to the practice of isolating a process from the operating system in order to minimize the fallout of a potential exploit. This type of technology has gained popularity in recent years, primarily because of its use in Google Chrome, a browser that has never experienced a successful remote code execution attack so far. Read more...
Adobe Systems launches Flash Player 11 and Air 3
Adobe Systems announced on Wednesday the release of Flash Player 11 and Adobe Air 3 software to help developers build more sophisticated applications, with dozens of new features across smartphones and tablets as well as desktop computers.
The releases are Adobe's biggest in two years and will be available free of charge in early October, said Anup Murarka, Adobe's director of product marketing. The related tools, Flash Builder and Flex, will support new features in Flash Player 11 and Adobe Air 3 by the end of the year.
The releases will enable delivery of 2D and 3D games over the Internet to various devices, Murarka said. Developers of enterprise applications will also find the 3D capabilities popular for data-centric apps. Enterprises, for example, will be able to build application dashboards to "visualize complex data sets" with 3D images, he said. Read more...
Hackers exploit Flash bug in new attacks against Gmail users
Adobe today confirmed that the Flash Player bug it patched Sunday is being used to steal login credentials of Google's Gmail users.
The vulnerability was patched yesterday in an "out-of-band," or emergency update. The fix was the second in less than four weeks for Flash, and the fifth this year. A weekend patch is very unusual for Adobe.
"We have reports that this vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message," said Adobe spokeswoman Wiebke Lips in response to questions today. "The reports we received indicate that the current attacks are targeting Gmail specifically. However, we cannot assume that other Web mail providers may not be targeted as well." Read more...
Adobe Flash Update Puts Users in Charge of Privacy
Adobe has released an important update to its Flash Player software that fixes critical security flaws and gives users a better way of controlling whether they are being tracked on the Web.
The Flash Player 10.3 update, released Thursday, lets users manage Flash cookies using their browser's privacy settings or through a new control panel. Flash cookies, also called "Local Stored Objects," have been a sore spot for Adobe users since 2009, when researchers showed they were being used extensively to track Web surfers. The problem is that Flash cookies historically have been hard to remove, unlike traditional cookies, and some sites have used them to track users who have wanted to block cookies.
Cookies are small snippets of text, stored on the computer, that websites use to identify repeat visitors. Read more...