7 Replies Latest reply: Apr 15, 2012 10:32 PM by roversrock RSS

    being prompted to update Flash, ignore?  v11.2.202.228 and v11.2.202.229 Google Chrome

    roversrock

      Just prompted by Adobe that an upgrade to Adobe Flash Player is available – within the bullets say includes security enhancements.


      Two weeks ago I was made aware that there were security vulnerabilities with Flash.  My laptop was infected (3/26).  One of the recommendations from my anti-virus software company was to keep all Adobe products updated, especially Flash.  Also, I was given the recommendation to consider choosing a less common browser than IE; he used Google Chrome which has its own security features.  I had used Chrome once before when it was beta but downloaded the new Chrome, set security settings and testing it out.  A few days later, someone I know also in the IS community said their company (a large international company) is uninstalling all Adobe products from all of their employee computers completely.


      In reading the Developer Release Notes, this upgrade is for v11.2.202.228.

       

      The Adobe Flash website section detects I have v11.2.202.229 installed.  The latest version listed underneath was .228.  I questioned how I could have a newer, higher number, version if .228 is the latest release? This was odd, needed an answer and to verify I was current.


      In reading the Security Bulletin, it says… “These priority 2 updates address critical vulnerabilities in Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 11.1.111.7 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system… … …Adobe recommends users of Adobe Flash Player 11.1.102.63 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.228 … … ...can install the update via the update mechanism within the product when prompted. Google Chrome will be updated automatically, so no user action is required. Google Chrome users can verify that they have updated to Google Chrome version 18.0.1025.151, which includes Adobe Flash Player 11.2.202.229.


      This answered my question.  I am current…and then I found an Adobe forum thread asking if 11.2.202.229 files installed in the correct place.  I am deducing from the bulletin that the v.229 is designed with content or files specific for Google Chrome. And I am also deducing I was prompted that a new update is available because Flash Auto Update is looking for any version other than or is “not v.228” and not looking for “both v.228 AND v.229 files” on one’s computer? Concluding that I should ignore this prompt, check “do not remind me about this update” now and in the future if using Chrome [but I would still always need to verify Flash has been updated on my computer or verify I have the latest version of Google Chrome, before ignoring]? And if I do choose not to continue using Google Chrome (uninstall), I should then resume with manual updates.  Please provide feedback.


      If true, my recommendation to Adobe would be to design the Flash Auto Update to search for *all* versions related to the latest release to avoid a false prompt from appearing and/or *also include within the text of the standard Auto-update prompt’s window the same verbiage as within the Security Bulletin (which is not normally read by users) regarding Google Chrome, directing that no user action is required. It may or may not be harmful for someone to proceed with installing v.228 when they already have v.229… meanting it may not delete or replace any important files specific to Google Chrome and protecting against security vulnerability as it might be that .229 may only have a few additional files. *Another recommendation would be that both the .228 and .229 v for Google Chrome be listed as the latest release on Adobe Flash website page and release content.  This may have been a timing issue.  Google/Adobe might want to re-consider the timing/order in which they deploy their versions or re-consider the auto-update feature within Google Chrome all in itself to avoid confusion, avoid the need to then verify it anyway afterwards (an added step in itself) and avoid Google Chrome users that are completely unaware of this and what action to take, from updating to a different incompatible version that could possibly conflict with the requirements of Google Chrome or its security.  However, everything would be resolved by the first recommendation.  I did wonder why I just got prompted today for a release on March 28th, but luckily it looks like I have the latest version.  And I did find it interesting how I noticed underneath the install for Adobe AIR that you may have to disable your anti-virus before installing.


      I look forward to your feedback to my question confirming whether or not I should just to ignore this update.  In effort to prevent PCs from future attacks, I provided my feedback and recommendations.  Thank you.


        • 1. Re: being prompted to update Flash, ignore?  v11.2.202.228 and v11.2.202.229 Google Chrome
          chris.campbell Adobe Employee

          As you noted, Chrome uses a built in version of the player.  New updates of Flash will be automatically downloaded by Chrome when it updates itself.  Flash Player for Chrome will not notify you for updates.  Manually downloading or updating Flash Player from Adobe will not affect Chrome's installation of Flash Player.

           

          Many machines have multiple versions of Flash Player installed.  For example, on my system I have Chrome's version, the plugin version (for Firefox and other applications), and the Active X version for Internet Explorer.  I suspect you might be getting notified for one of these versions.  Can you check to see if the following folders are present and list out the files they contain?

           

          c:\windows\system32\macromed\flash

          c:\windows\syswow64\macromed\flash (if you are using windows 7 64-bit)

           

          If you'd like to only use the version of Flash provided by Chrome, please use the uninstall steps for Flash Player detailed in this help document:

           

          http://helpx.adobe.com/flash-player/kb/uninstall-flash-player-windows.html

          • 2. Re: being prompted to update Flash, ignore?  v11.2.202.228 and v11.2.202.229 Google Chrome
            roversrock Community Member

            Hi thanks, I have Vista 64 bit. Both of these directories or folders exist. Here are the files they contain.

             

             

             

            \System 32\:

             

            Flash64_11_1_102.ocx

             

            FlashUtil64_11_1_102_ActiveX.dll

             

            FlashUtil64_11_1_102_ActiveX (2/19/2012)…v11.1.102 so should I install.

             

            FlashInstall

             

             

             

            \SysWOW64\:

             

            Flash9f.ocx

             

            Flash11f.ocx

             

            FlashUtil9f (10/16/2008)

             

            FlashUtil11e_ActiveX (2/6/2012)

             

            FlashUtil11f_ActiveX (2/16/2012)

             

            FlashUtil11f_ActiveX.dll

             

            FlashInstall

             

            install

             

             

             

            Chrome was installed after 3/26.  I am guessing these are for Active X for IE and they don’t look like the latest version. As I mentioned, when I checked with Adobe to see what version is running on my system it only displays the latest version for Google Chrome which is a current one.  So one (a user) wouldn’t know of the other versions that need to be updated.  You are correct that I thought there was only one version on my system.  Thanks for informing me, I didn’t even search or think of that.  If I forcefully download the update anyway, will it update both of these directories? 

             

             

             

            Also when you say, “Manually downloading or updating Flash Player from Adobe will not affect Chrome's installation of Flash Player.” I realize moving forward it wouldn’t affect future Chrome installs but did you also mean downloading .228 when I have .229 will not affect this currently the installed version?..…if built-in, does Google Chrome store any files on my system or is it completely built-in?

            • 3. Re: being prompted to update Flash, ignore?  v11.2.202.228 and v11.2.202.229 Google Chrome
              chris.campbell Adobe Employee

              Chrome is completely separate.  If you had installed .228 it would not have changed Chrome's plugin at all.  Chrome stores all of it's files in a different place.  The only thing shared are the user settings and cache.

               

              Do you by chance have an HP printer driver installed?  You've got some older versions of Flash player in your folder that lead me to believe you have other software using it.

              • 4. Re: being prompted to update Flash, ignore?  v11.2.202.228 and v11.2.202.229 Google Chrome
                roversrock Community Member

                OK good.

                 

                 

                 

                Yes I do, driver for HP Officejet Pro 8500 A909g Wireless.  Please advise.  I noticed they were older versions in these folders and not comfortable.  Would like to know if downloading the update will take care of both directories or not – or instead must use another method.  How do you recommend I proceed?

                • 5. Re: being prompted to update Flash, ignore?  v11.2.202.228 and v11.2.202.229 Google Chrome
                  roversrock Community Member

                  Update: Your question made me think if I have any more software using Flash that may have created these folders.  I have Adobe Photoshop Elements 7.0 that may use Flash.  It seems so.  I wasn’t sure, did some google searches and it seems true.  I launched the app and immediately was prompted that Photoshop.com requires I update. I suspected it was a fix to address security issues:

                   

                   

                   

                   

                  Adobe Photoshop Elements 7.0.3 update

                   

                   

                  The Adobe® Photoshop® Elements 7.0.3 update will install a patch on top of Adobe Photoshop Elements 7. It provides updates to applicable membership services and some important security fixes. < < <- - - -  here

                   

                  Status - Downloaded patch and got msg “applied successfully”. Files in folders remain older versions though.

                  • 6. Re: being prompted to update Flash, ignore?  v11.2.202.228 and v11.2.202.229 Google Chrome
                    chris.campbell Adobe Employee

                    I'm not sure if Elements uses Flash.  If I had to guess I would say no, it most likely uses AIR instead.

                     

                    I have heard numerous reports that HP uses an older version of Flash Player, usually version 9.x.  I'd recommend contacting them to see if this can be removed and if they can use 11.2 instead.

                    • 7. Re: being prompted to update Flash, ignore?  v11.2.202.228 and v11.2.202.229 Google Chrome
                      roversrock Community Member

                      I will have to call HP support to check and get back with you.  And will need for them to tell me if it is OK to upgrade it.         Elements’ as a software program may not use Flash, but the initial menu screen upon launch has some flash-type imagery going on.  So it may need to use it for that.