Thoughtful, detailed coverage of the Mac, iPhone, and iPad, plus the TidBITS Content Network for Apple consultants.

Adobe Flash Player Blocks 32 Security Holes

As Rich Mogull explained in "Security News: Flash Attacked, iPhone Exposed, Spyware Discovered" (7 June 2010), Adobe Flash suffered from a serious security vulnerability that had been exploited in the wild. Initially, the only way to protect yourself was to download the Flash 10.1 Release Candidate, but Adobe has now officially released Flash Player to address 32 different security holes. Adobe has also released Adobe AIR to fix the same problems. You can read more about the updates in Adobe's security advisory, but suffice it to say, we recommend you upgrade now.

To determine what version of Flash Player you're running, visit the About Flash Player page (although, realistically, it's unlikely that you're up to date), and then head over to the Adobe Flash Player Download Center to download the latest version. You'll get a disk image with an installer to run; you need to quit all running Web browsers before you click the Install button.

Figuring out what version of Adobe AIR is installed on your system (you'd have Adobe AIR installed if you use TweetDeck, or another Adobe AIR-based program) is annoyingly difficult; you have to look for the CFBundleVersion entry inside the Info.plist file stored at:

/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/

That's craziness, of course, so if you're using Adobe AIR at all, I'd recommend just downloading a new version from the Adobe AIR Download Center.

In the whole dustup between Apple and Adobe surrounding Apple's decision to keep Flash out of the iOS, little has been said about how the addition of Flash would increase the security vulnerability of the entire platform. Situations like this, where Flash Player had critical vulnerabilities that were being exploited in the wild for some time before a fix was available, clearly support Apple's position.


Make friends and influence people by sponsoring TidBITS!
Put your company and products in front of tens of thousands of
savvy, committed Apple users who actually buy stuff.
More information: <>

Comments about Adobe Flash Player Blocks 32 Security Holes
(Comments are closed.)

John Baxter  2010-06-11 13:14
Oops--RC was indeed about page just shows 10.1 as the version we should have.

Previously, I asked: Did Adobe reissue 10.1 RC 7 as 10.1, or did they fail to change the full version from 10.1 RC 7's value of
Adam Engst  An apple icon for a TidBITS Staffer 2010-06-11 13:06
I suspect the latter - it was a release candidate, after all. But I don't know for sure.
Michael Schmitt  2010-06-11 18:10
To view the version of a framework such as Adobe AIR, launch the System Profiler (option-Apple Menu > System Profiler).

Then select Software > Frameworks.
Chris Pepper  An apple icon for a TidBITS Staffer 2010-06-11 18:53
Much easier and more life-improving option: Use ClickToFlash in Safari, and/or a Firefox Flash blocker if you use Firefox.
Norbert E Fuchs  An apple icon for a TidBITS Benefactor 2010-06-12 03:55
I had installed Flash Player 10.1 Gala, uninstalled it with Adobe's Flash uninstaller, and then installed the new Flash Player 10.1. Now Safari 5 tells me "Missing Plug-In" when I try to open a flash video. What could be the problem?

I have no problem opening flash videos in Firefox 3.6.3.
Norbert E Fuchs  An apple icon for a TidBITS Benefactor 2010-06-12 09:16
Please disregard my previous message. Flash 10.1 works on Safari 5. The problem I had seems to be related to some other medium.