I have it set to automatic update on my parents pc, the date of update is usually 1 day after release.
I can't find the original release that described the issues in more detail. It seemed to be more about bug fixes than security issues. Is the new '12' version larger in size ? I'm getting sick of updating Flash, the larger the file grows and the more features added, the more vulnerabilities. Software should be made in a way that does not require security updates. I just want to leave my systems alone ...
This is what I found in the link in my post #75: These updates resolve a vulnerability that could be used to bypass Flash Player security protections (CVE-2014-0491). These updates resolve an address leak vulnerability that could be used to defeat memory address layout randomization (CVE-2014-0492). Here is an article on what's new in v12: http://news.softpedia.com/news/Adobe-Flash-Player-12-Beta-Released-for-Download-400461.shtml Not sure what v11 was, but the v12 installers are about 16,5 to 17 MB. They have indeed grown quite a lot since the last year. Not very likely that is going to happen, everything built by mankind can be broken by mankind..
Vulnerability identifier: APSB14-04 http://helpx.adobe.com/security/products/flash-player/apsb14-04.html
The vulnerability fixed in this new update may be an actively used zero-day vulnerability abused by the new multiplatfrom Mask bootkit: https://twitter.com/markloman/status/430769516029943808
Adobe Pushes Fix for Flash Zero-Day Attack Adobe Pushes Fix for Flash Zero-Day Attack dated Feb 4, 2014 1:22PM by Brian Krebs. Affects Windows, Mac, and Linux. -- Tom
Security updates available for Adobe Flash Player | Vulnerability identifier: APSB14-07 http://helpx.adobe.com/security/products/flash-player/apsb14-07.html
More information regarding this exploit at Fireeye.. It gives the detailed information regarding the sytems being exploited, how it can be mitigated at first place (ofcourse underlying problem would remain still) http://www.fireeye.com/blog/technic...omised-serving-up-flash-zero-day-exploit.html Once again, using latest versions of the software packages should reduce the chance of being exploited to a certain extent..
The ActiveX standalone .exe installer from the unmentionable URL is still at 12.0.0.44. Thanks siljaline .
The unmentionable URL is now current as that's were I've been updating from of late & you're most welcome
Adobe releases emergency Flash update amid new zero-day drive-by attacks http://arstechnica.com/security/201...sh-update-amid-new-zero-day-drive-by-attacks/
I downloaded from the link and find that I now have: "shockwave for director 12.1.0.150" which is new, but I still have "shockwave 12.0.0.44" which I had before. Is this correct? I assumed that the new would replace the old. J Edit: OK, they were two different things, I only had Flash before, now I also have Director, do I "need" it? There doesn't seem to be any waay to delete it.
You have the latest version. I see no reason to keep the older version. http://get.adobe.com/shockwave/
Security updates available for Adobe Flash Player Release date: April 8, 2014 Vulnerability identifier: APSB14-09 Priority: See table below CVE number: CVE-2014-0506, CVE-2014-0507, CVE-2014-0508, CVE-2014-0509 Platform: All Platforms http://helpx.adobe.com/security/products/flash-player/apsb14-09.html
Adobe AIR has also received an higher build increment - for those that run AIR http://get.adobe.com/air/