Oh look! Another Flash Player update to plug another critical security hole…
As I note over at ZDNet, this is the 21st such update in the last 22 months, and the third in the last six weeks.
For most of us, being completely Flash-free isn’t an option, and ignoring those update prompts can be hazardous to your personal security.
Fortunately, help is at hand.
What makes this week’s release different is that it finally includes an automatic updater, so you no longer have to worry about manually updating this ubiquitous utility.
The new feature is included in version 11.2.202.228. Here’s what you see in the Flash settings Control Panel app after installing the latest update.
To check which version of Flash Player is installed on your PC, visit this page:
If you don’t have the most recent version, download it here:
But watch out for extras that Adobe might try to install along with Flash Player. The manual installer often includes browser toolbars, virus scanners, and other potentially unwanted software. And these days Adobe is selling ad space for a “system optimizer” that will find nonexistent “critical problems” on your PC and try to scare you into paying to “fix” the errors.
I’ve got the ugly details here:
Adobe’s latest critical security update pushes scareware
One way to avoid the entire sordid mess is to use the free Flash installer at Ninite:
https://ninite.com/flash-flashie/
Adobe gets enough bad press for the security flaws and performance problems associated with Flash. The fact that they pull stunts like this suggests they just don’t care about their reputation.
Ed Bott (@ wordpress.com) 
I saw this too, and turned it on. All updates should have an option to be completed unseen. It’d be something I’d turn on for all machines I touch. Far to many folks just never ever bother with updates, so if I could ensure they are done without interaction, then I’d be less worried. I guess next is Java????
If Adobe is prone to install crapware along with Flash, etc; how can they be trusted enough to allow “automatic” updates? Not by me they aren’t.
Any idea if the updates still require admin rights?
Allowing auto updates is a very dangerous and dumb idea. Especially from Adobe. What makes you think that they will not shovel more scareware with their auto updates in the future?
Remember that earlier Flash versions allowed external access to cams and microphones and Adobe didn’t provide access to block this until they were caught?
The Flash cookie debacle while explained on a number of sites, tells only half of the story.
http://www.google.com/search?q=flash+cookies
The publicized Windows .sol directory:
Macromedia\FlashPlayer#SharedObjects kills the main set of cookies, but they can be recreated from the backup location:
Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
Both of which are outside the browser privacy settings. Sandboxing Flash which has been available in Chrome since DEC. 2010, is not currently available for either Firefox or IE
Sandboxing Flash for Firefox — Flash Player 11.2 beta 5 — works with Firefox 4 or later running on Window Vista or Windows 7 which makes the Redmond OS overlords smile but sucks for folks running XP.
As far as IE goes, on February 20, 2012 Brad Arkin, Adobe senior director of security, declined to set a timetable for putting Flash within a sandbox inside IE.
http://www.isssource.com/ie-sandbox-next-for-flash-player/
and I’ll bet it will only work on the latest version of IE requiring windows 7. I could be wrong here and they will make it available for XP, but with Microsoft’s track record and Adobe’s I doubt it.
Aside from the number of ‘critical’ updates, Flash being the only program that I have seen that requires external website access rather individual local control, to change settings should make everyone pause.
Flash should be considered spyware and used with extreme caution based on their privacy violating track record.
As far as reputation is concerned, I don’t think Adobe really cares.