Comments on: Critical Flash Player Update Fixes 2 Zero-Days

By: JimV

JimV — Wed, 27 Feb 2013 18:31:59 +0000

When FH gives notice that an update to Adobe Flash is available, I make a point of looking at the “technical” tab first to see what the file size of the download for which it offers — today’s was an insulting joke at 64Kb, when the full installer is 15+Mb. Who knows what sort of junk crapware is being tagged with the post-stub download, or whether a user is even provided the option of a choice in its installation?

After the previous FH stub installer posting I made a reasoned explanation in my comment on their site about preferring a full installer file rather than a stub, and got roundly flamed by some fanboy jerk for “whining” about their service that were following a bundling-as-profit-center business approach, so ever since I’ve stopped blindly clicking on the summary download link for any of their notifications and generally just use the source vendor link for a direct download.

Adobe doesn’t easily or readily provide the key master version link Brian usually references in his posts on Flash updates, which I’m sure is intended to drive as many people as possible into downloading what they bundle (McAfee or whoever) so as to boost their own profit center revenues.

By: JCitizen

JCitizen — Wed, 27 Feb 2013 16:01:04 +0000

I just make sure and uncheck anything extra the installers try to put on the machine. FileHippo is too handy to not use it. The other updater tools out there, that I’ve tried are worse – especially CNET’s – that dad-gum thing IS malware!! :O

Here lately though, on Adobe, Brian beats my File Hippo by at least three days now – they’ve fallen down lately – but I must admit, these emergency patches are probably out of FIleHippo’s mission capability.

Even MajorGeeks, who are fairly well known to dispense with junk, now have stub installers with many of the handy utilities listed on their site. It is a grim reality of the money making needs of the sites – otherwise they will probably go away.

By: JimV

JimV — Wed, 27 Feb 2013 15:23:56 +0000

New Flash Player 11.6.602.171 version(s) released today, but beware of FileHippo — they are pushing a very small stub installer that will then download the Adobe variant which incorporates the McAfee add-in. Use the direct link Brian provides above to avoid both.

By: BrianKrebs

BrianKrebs — Fri, 15 Feb 2013 01:41:51 +0000

Dana, it just refers to a security vulnerability which the vendor finds out about at the same time as everyone else — when it is already actively being exploited to attack users. It means that the vendor has zero days notice to come up with a fix for the flaw.

By: Dana Westbrook

Dana Westbrook — Thu, 14 Feb 2013 23:35:13 +0000

Yes,

in reference to Zero-Day, can you explain to me exactly what this means in terms of computer hackers and technology?

Sincerely,
Dana W.

By: Rabid Howler Monkey

Rabid Howler Monkey — Sun, 10 Feb 2013 12:53:05 +0000

JimboC, no apologies are necessary. Look at it this way, it’s more likely that readers will understand what Adobe is up to with embedded flash content in Microsoft Office documents.

Cheers

By: JimboC

JimboC — Sun, 10 Feb 2013 11:35:49 +0000

Hi Rabid Howler Monkey,

You’re right, it is only a warning prompt. My apologies for the misunderstanding and for not noticing your prior mention of the same Adobe blog post.

Thanks for the clarification.

By: Richard Steven Hack

Richard Steven Hack — Sat, 09 Feb 2013 18:42:57 +0000

Agree about the stubs installers.

I got re-directed to Adobe which as usual prompted me to install the Linux versions whereas I’m looking for the Windows versions for client purposes. That really irritates me because Adobe does not make it easy to override that automatic detection.

I had the same problem with Google Chrome updates, until I found and saved the direct download links for the Windows versions.

There are times when “being helpful” via autodetection is not helpful.

By: Rabid Howler Monkey

Rabid Howler Monkey — Fri, 08 Feb 2013 23:57:45 +0000

“Adobe is working on a adding a sandbox for Flash content to Microsoft Office versions prior to 2010 to add another barrier for the attackers to overcome before their attack can begin.

JimboC, it’s not a sandbox. It’s just a prompt warning the user about executing flash content embedded in Microsoft Office document. Reread Adobe’s blog.

By: BrianKrebs

BrianKrebs — Fri, 08 Feb 2013 21:21:05 +0000

Yep, Chrome very often will update its built-in Flash player a day or more in advance of the official patch from Adobe, although prior to this update I experienced a few cases where they lagged Adobe’s advisories. Good to see that they’re back in front!