Adobe Flash Player Blocks 32 Security Holes

by Adam C. Engst

As Rich Mogull explained in "Security News: Flash Attacked, iPhone Exposed, Spyware Discovered [1]" (7 June 2010), Adobe Flash suffered from a serious security vulnerability that had been exploited in the wild. Initially, the only way to protect yourself was to download the Flash 10.1 Release Candidate, but Adobe has now officially released Flash Player to address 32 different security holes. Adobe has also released Adobe AIR to fix the same problems. You can read more about the updates in Adobe's security advisory [2], but suffice it to say, we recommend you upgrade now.

To determine what version of Flash Player you're running, visit the About Flash Player [3] page (although, realistically, it's unlikely that you're up to date), and then head over to the Adobe Flash Player Download Center [4] to download the latest version. You'll get a disk image with an installer to run; you need to quit all running Web browsers before you click the Install button.

Figuring out what version of Adobe AIR is installed on your system (you'd have Adobe AIR installed if you use TweetDeck, or another Adobe AIR-based program) is annoyingly difficult; you have to look for the CFBundleVersion entry inside the Info.plist file stored at:

/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/

That's craziness, of course, so if you're using Adobe AIR at all, I'd recommend just downloading a new version from the Adobe AIR Download Center [5].
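The lookup described above, as an added example that is not from the original article or from Adobe: it reads CFBundleVersion from the Info.plist at the article's path and compares it numerically against a minimum version. The function names and the MINIMUM placeholder are assumptions; take the fixed version number from Adobe's advisory.

```python
import plistlib
import re
from pathlib import Path

# Location given in the article for the Adobe AIR framework's Info.plist.
AIR_INFO_PLIST = Path(
    "/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Info.plist"
)

def bundle_version(plist_path):
    """Return CFBundleVersion as a string, or None if the file or key is absent."""
    path = Path(plist_path)
    if not path.is_file():
        return None  # framework not installed at this path
    with path.open("rb") as fh:
        info = plistlib.load(fh)  # accepts both XML and binary plists
    version = info.get("CFBundleVersion")
    return None if version is None else str(version)

def version_tuple(version):
    """Turn a dotted version such as '1.2.3' into (1, 2, 3)."""
    parts = []
    for piece in version.strip().split("."):
        match = re.match(r"\d+", piece)  # leading digits only; 'b2' counts as 0
        parts.append(int(match.group()) if match else 0)
    return tuple(parts)

def needs_update(installed, minimum):
    """True when an installed version is numerically older than minimum."""
    if installed is None:
        return False  # nothing installed, so nothing to patch
    a, b = version_tuple(installed), version_tuple(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))  # pad so '2.0' equals '2.0.0'
    b += (0,) * (width - len(b))
    return a < b

if __name__ == "__main__":
    # Placeholder (assumption): replace with the fixed version from the advisory.
    MINIMUM = "0.0.0"
    installed = bundle_version(AIR_INFO_PLIST)
    if installed is None:
        print("Adobe AIR framework not found at", AIR_INFO_PLIST)
    else:
        print("Adobe AIR", installed, "update needed:",
              needs_update(installed, MINIMUM))
```

Comparing components as integers matters here: a plain string comparison would rank "1.10" below "1.5".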

In the whole dustup between Apple and Adobe surrounding Apple's decision to keep Flash out of the iOS, little has been said about how the addition of Flash would increase the security vulnerability of the entire platform. Situations like this, where Flash Player had critical vulnerabilities that were being exploited in the wild for some time before a fix was available, clearly support Apple's position.