As Rich Mogull explained in “Security News: Flash Attacked, iPhone Exposed, Spyware Discovered” (7 June 2010), Adobe Flash suffered from a serious security vulnerability that had been exploited in the wild. Initially, the only way to protect yourself was to download the Flash 10.1 Release Candidate, but Adobe has now officially released Flash Player 10.1.53.64 to address 32 different security holes. Adobe has also released Adobe AIR 126.96.36.19910 to fix the same problems. You can read more about the updates in Adobe’s security advisory, but suffice it to say, we recommend you upgrade now.
To determine what version of Flash Player you’re running, visit the About Flash Player page (although, realistically, it’s unlikely that you’re up to date), and then head over to the Adobe Flash Player Download Center to download the latest version. You’ll get a disk image with an installer to run; you need to quit all running Web browsers before you click the Install button.
Figuring out what version of Adobe AIR is installed on your system (you’d have Adobe AIR installed if you use TweetDeck, or another Adobe AIR-based program) is annoyingly difficult; you have to look for the CFBundleVersion entry inside the Info.plist file stored at:
That’s craziness, of course, so if you’re using Adobe AIR at all, I’d recommend just downloading a new version from the Adobe AIR Download Center.
In the whole dustup between Apple and Adobe surrounding Apple’s decision to keep Flash out of the iOS, little has been said about how the addition of Flash would increase the security vulnerability of the entire platform. Situations like this, where Flash Player had critical vulnerabilities that were being exploited in the wild for some time before a fix was available, clearly support Apple’s position.