7 Replies Latest reply on Feb 26, 2012 2:37 PM by Carl E. Myers Jr.

    In deadlock after every release of security patch


      After a security patch release is available the user has to visit the download page which

      can "speak" only Flash using the vulnerable installation of Flash Player.

      That means the user must expose own system to attacks in order to download the patched version.

      What bad concept. Where is the Adobe specialist responcible for the concept?


      Please do not claim one can trust the Adobe server and download page.

      Nowadays, there is no one server nor url trustful.

      Certificate issuers are not trustfull - see accidents from few last months.

      So, the more the servers nor internet sides can be trustfull.


      And the link to offline installer does not work due to disabled flash player

      or for any other reason. See http://kb2.adobe.com/de/cps/191/tn_19166.html

      and the url placed there

      Flash Player 10 Plugin (Alle anderen Windows-Browser, wie etwa Firefox oder Google Chrome)


      User does not decide to enable vulnerable flash installation and is not able to update

      to the patched one. It is a dead-lock.