Tag: Flash player update

The Update Burden Is Getting Too Much for Computer Users

In our previous articles we have already emphasized the importance of updating computers regularly. However, in the past few months the number of updates has grown oddly burdensome for the average user. The number has grown to such an extent that keeping up with the updates is turning into a second job. Patch Tuesday is no longer as significant, because you may expect a critical security update to be released at midnight today or a set of updates the next day, giving you no time to plan. Miss them and you might fall prey to a security breach, and the software vendor will simply point out your failure to stay updated.

The software vulnerability and the updates
The updates are too technical to understand. But in simple words, software such as Windows or a browser is made of millions of lines of programming code. The more features the software has, the more programming code it contains. Errors are inevitably made while writing these millions of lines or patching them to work together, which leaves vulnerabilities in the software. Hackers these days have become more sophisticated at finding these vulnerabilities proactively. The software vendor also works proactively to patch a vulnerability before a hacker exploits it. These patches are released as security updates for the software.

Increasing number of updates
For lack of a better metric, let's compare the number of security bulletins released for Windows between January and April in each of the past 3 years. It was 16 in 2009, 29 in 2010 and 34 in 2011. As you can see, the number kept increasing every year. This is not the case with Windows alone. A typical Windows user will commonly be using the following applications:

  • Mozilla Firefox
  • Mozilla Thunderbird
  • Adobe Flash
  • Adobe Reader
  • Java Console
  • Google Chrome
  • And then an antivirus or PC protection software

All these applications are as vulnerable as Windows itself, and their vendors are just as proactive in releasing patches. Every time one of them releases an update, the user first has to download it from the Internet and then apply it to the main application. Of course each of them has a user-friendly update mechanism, but do you know what it takes to patch them all? Apart from the time taken to patch, updates also consume your broadband until they are downloaded, and CPU and memory until they are applied. The average size of each of these software updates and the number of times they were released this year are as follows:

  • Mozilla Firefox – 1.6 to 2.8 Mb (Updated 4 times in 2011 till date)
  • Mozilla Thunderbird – 1.6 to 2.8 Mb (Updated 3 times in 2011 till date)
  • Adobe Flash – 2.0 to 3.0 Mb (Updated 4 times in 2011 till date)
  • Adobe Reader – 10.0 to 18.0 Mb (Updated 1 time in 2011 till date)
  • Java Console – 17.0 Mb approximately (Updated 2 times in 2011 till date)

Windows updates range from 17 Mb to around 900 Mb and above. Google Chrome is a little tricky to measure. It is even a little creepy to have an application like Chrome that connects to its maker, downloads and patches itself, all without the user's knowledge. But it still consumes your broadband, CPU and memory.

Antivirus or PC protection software updates are a little different from the above. They download security definitions every day. A few, like Norton Internet Security, provide real-time updates that arrive more than 10 times a day. However, if all the software applications installed on your PC were perfect, why would anyone need to maintain PC protection software or update its definitions daily?

Overall, we can see that a lot of the user's time and energy is consumed here, apart from the broadband. Last year, a report released by Secunia said that a typical Windows user patches every 5 days. The interval might remain the same, but the amount of time taken has definitely increased. At times, multiple updates may come up within a single week.

More and more people are finding it uncomfortable to track and apply updates continuously. Where could the actual problem be? Are the hackers getting more intelligent or the software vendors getting stupid? Whatever it may be, the job of updating is very exhausting and getting even worse.

Critical Vulnerabilities Patched in New Version of Adobe Flash Player

In the security bulletin released on 12 May 2011, Adobe announced that it had fixed critical bugs in Flash Player versions 10.2.159.1 and earlier for Windows, Macintosh, Linux and Solaris, 10.2.154.28 and earlier for Chrome, and 10.2.157.51 and earlier for Android. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe also reported having heard of a malware exploit that uses a Flash (.swf) file embedded in an MS Word (.doc) or MS Excel (.xls) file delivered as an email attachment, targeting systems running Windows. So make sure you do not open attachments from unknown senders until you update Flash.

The new versions for various platforms are as follows:

  • For Windows, Macintosh, Linux and Solaris OS – 10.3.181.14
  • For Android – 10.3.185.21

Flash Player for Chrome has been updated through the new Chrome version 11.0.696.68. Other users can use the Flash Player Download Center to get the latest version. For Android users, the update is available in the Android Market.

Adobe rates the severity of the vulnerabilities as critical and recommends updating to the newer versions as early as possible.
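The affected-version figures above can be turned into a simple inventory check. The following is an added example, not code from Adobe or from the original article; the platform labels, host names and the acceptance of comma-separated version strings are assumptions made for the example.

```python
import re

# Highest affected Flash Player version per platform, from the bulletin
# figures quoted above. The platform keys are this example's own labels.
LAST_AFFECTED = {
    "desktop": "10.2.159.1",   # Windows, Macintosh, Linux, Solaris
    "chrome": "10.2.154.28",   # Flash bundled with Chrome
    "android": "10.2.157.51",
}

def parse_version(text):
    """Turn '10.2.159.1' or '10,2,159,1' into a tuple of four ints."""
    m = re.fullmatch(r"(\d+)[.,](\d+)[.,](\d+)[.,](\d+)", text.strip(), re.ASCII)
    if not m:
        raise ValueError(f"not a four-part Flash version: {text!r}")
    return tuple(int(g) for g in m.groups())

def is_affected(platform, installed):
    """True if the installed version is at or below the last affected one."""
    # Compare numerically, field by field. Comparing the raw strings would
    # rank '10.10.0.0' below '10.2.159.1' and misreport it as affected.
    return parse_version(installed) <= parse_version(LAST_AFFECTED[platform])

def audit(inventory):
    """Return rows that still need the update, plus rows that cannot be judged."""
    findings = []
    for host, platform, version in inventory:
        try:
            if is_affected(platform, version):
                findings.append((host, platform, version, "affected"))
        except (ValueError, KeyError):
            # Unknown platform or unparsable version: flag for manual review
            # rather than silently treating the machine as safe.
            findings.append((host, platform, version, "unreadable"))
    return findings

# Constructed sample inventory (host names are invented for this example).
SAMPLE = [
    ("pc-01", "desktop", "10.2.159.1"),
    ("pc-02", "desktop", "10.3.181.14"),
    ("pc-03", "desktop", "10,2,153,1"),
    ("phone-01", "android", "10.3.185.21"),
    ("pc-04", "chrome", "10.2.154.28"),
    ("pc-05", "desktop", "unknown"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row)
```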


New Chrome version released – 11.0.696.68

As expected, Google released its new version, v11.0.696.68, after VUPEN security researchers claimed to have pwned Chrome. The new version of Chrome comes with the updated Adobe Flash Player 10.3.

In reply to the claims of having pwned Chrome, security researcher Dan Kaminsky said that if VUPEN used a vulnerability in Flash to bypass the sandbox, then it is not a hack of Chrome alone. Another security researcher, Tavis Ormandy of Google, said in a Twitter post that “VUPEN misunderstood how sandboxing worked in chrome, and only had a flash bug.” Google is still investigating VUPEN's claims.

The new Chrome version addresses two high-risk security vulnerabilities, correcting integer overflows in SVG filters and bad casts in Chromium WebKit glue, and includes the bug fixes for the Flash Player plugin. Google also added the new ClearSiteData API in Chrome, so that users can manage and remove Flash cookies (Local Shared Objects).

Importance of Updating Adobe Flash Player

Flash has enabled the addition of animation, interactivity and video to web pages. According to a report, Flash as a format is used on around 95% of PCs worldwide. Adobe Flash Player is the most popular of the Flash players, with Adobe claiming that around 99.3% of US web users have it installed in their web browsers. However, its popularity has drawn the attention of hackers, who use it to exploit PCs running an outdated Flash Player over the Internet. Accessing the Internet with an outdated Flash Player has some other issues too.

Issues with Outdated Adobe Flash Player
According to the report Flash Security Hole Advisory from security services provider Trusteer, 80% of users are using an outdated Flash Player plugin. Accessing the Internet with an outdated Flash Player can leave you potentially vulnerable online. Using an outdated Flash Player ActiveX control or plugin can cause browsers to crash or become unstable while accessing web pages with rich content applications. It also allows an attacker to run malicious code on your computer. Flash Player has become a common target for cyber-criminals, who exploit the vulnerabilities in outdated versions to silently infect web surfers with malware when they visit compromised websites.

In order to avoid exploitation on their PCs, Internet users have to update their flash player regularly.

Differences between Adobe Flash – ActiveX and Plugin
Internet Explorer is the default web browser on PCs with Windows OS. However, many users may also use other browsers like Mozilla Firefox and Google Chrome. Adobe Flash Player comes in two different versions for different web browsers: Adobe Flash Player ActiveX and Adobe Flash Player Plugin. Adobe Flash Player ActiveX is used in Internet Explorer, whereas the Plugin is used in other popular web browsers like Firefox and Chrome. It is important to make sure that both versions of Flash Player are updated to keep your PC secure from exploitation through Flash Player.

Checking if your Adobe Flash Player is Latest
There is a mechanism within web browsers to alert users whenever a new update for Flash Player is available. However, you can also use this link to find out whether your Flash Player is the latest version or outdated.

http://kb2.adobe.com/cps/155/tn_15507.html