Just prompted by Adobe that an upgrade to Adobe Flash Player is available – within the bullets say includes security enhancements.
Two weeks ago I was made aware that there were security vulnerabilities with Flash. My laptop was infected (3/26). One of the recommendations from my anti-virus software company was to keep all Adobe products updated, especially Flash. Also, I was given the recommendation to consider choosing a less common browser than IE; he used Google Chrome which has its own security features. I had used Chrome once before when it was beta but downloaded the new Chrome, set security settings and testing it out. A few days later, someone I know also in the IS community said their company (a large international company) is uninstalling all Adobe products from all of their employee computers completely.
In reading the Developer Release Notes, this upgrade is for v18.104.22.168.
The Adobe Flash website section detects I have v22.214.171.124 installed. The latest version listed underneath was .228. I questioned how I could have a newer, higher number, version if .228 is the latest release? This was odd, needed an answer and to verify I was current.
In reading the Security Bulletin, it says… “These priority 2 updates address critical vulnerabilities in Adobe Flash Player 126.96.36.199 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 188.8.131.52 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system… … …Adobe recommends users of Adobe Flash Player 184.108.40.206 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 220.127.116.11 … … ...can install the update via the update mechanism within the product when prompted. Google Chrome will be updated automatically, so no user action is required. Google Chrome users can verify that they have updated to Google Chrome version 18.0.1025.151, which includes Adobe Flash Player 18.104.22.168.”
This answered my question. I am current…and then I found an Adobe forum thread asking if 22.214.171.124 files installed in the correct place. I am deducing from the bulletin that the v.229 is designed with content or files specific for Google Chrome. And I am also deducing I was prompted that a new update is available because Flash Auto Update is looking for any version other than or is “not v.228” and not looking for “both v.228 AND v.229 files” on one’s computer? Concluding that I should ignore this prompt, check “do not remind me about this update” now and in the future if using Chrome [but I would still always need to verify Flash has been updated on my computer or verify I have the latest version of Google Chrome, before ignoring]? And if I do choose not to continue using Google Chrome (uninstall), I should then resume with manual updates. Please provide feedback.
If true, my recommendation to Adobe would be to design the Flash Auto Update to search for *all* versions related to the latest release to avoid a false prompt from appearing and/or *also include within the text of the standard Auto-update prompt’s window the same verbiage as within the Security Bulletin (which is not normally read by users) regarding Google Chrome, directing that no user action is required. It may or may not be harmful for someone to proceed with installing v.228 when they already have v.229… meanting it may not delete or replace any important files specific to Google Chrome and protecting against security vulnerability as it might be that .229 may only have a few additional files. *Another recommendation would be that both the .228 and .229 v for Google Chrome be listed as the latest release on Adobe Flash website page and release content. This may have been a timing issue. Google/Adobe might want to re-consider the timing/order in which they deploy their versions or re-consider the auto-update feature within Google Chrome all in itself to avoid confusion, avoid the need to then verify it anyway afterwards (an added step in itself) and avoid Google Chrome users that are completely unaware of this and what action to take, from updating to a different incompatible version that could possibly conflict with the requirements of Google Chrome or its security. However, everything would be resolved by the first recommendation. I did wonder why I just got prompted today for a release on March 28th, but luckily it looks like I have the latest version. And I did find it interesting how I noticed underneath the install for Adobe AIR that you may have to disable your anti-virus before installing.
I look forward to your feedback to my question confirming whether or not I should just to ignore this update. In effort to prevent PCs from future attacks, I provided my feedback and recommendations. Thank you.