FlashPlayer
Latest
Adobe warns of 'critical vulnerability' in Flash
The general consensus on Adobe Flash is that it's no longer good for anyone. In 2010, Steve Jobs' wrote an open letter about the software, stating it fell short in many areas and wasn't ready for the mobile era. Facebook's newly appointed security lead, Alex Amos, added fuel to the fire recently by saying Adobe should announce an end-of-life date for Flash soon. And Adobe isn't helping its cause. To make matters worse, the company has now found a critical vulnerability in Flash Player which, if successfully exploited, "could cause a crash and potentially allow an attacker to take control of the affected system." According to Adobe's security bulletin, this issue affects version 19.0.0.207 (and earlier) on Mac, Windows and Linux computers, adding that it is aware of a report claiming the exploit is "being used in limited, targeted attacks." Adobe says it's working on a fix, and it could be available as early as October 16.
Google, Microsoft and Instagram rush to fix Flash flaw that could steal your data
Yet another critical security flaw has been found for Adobe's notoriously sieve-like Flash plug-in, this time by Google Engineer Michele Spagnuolo. His exploit tool, called "Rosetta Flash" is just a proof of concept, but could allow hackers to steal your cookies and other data using malicious Flash .SWF files. The exploit is well known in the security community, but had been left unfixed until now as nobody had found a way to harness it for evil. So how does this affect you? Many companies like Twitter, Microsoft, Google and Instagram have already patched their sites, but beware of others that may still be vulnerable. Adobe now has a fix, and if you use Chrome or Internet Explorer 10 or 11, your browser should automatically update soon with the latest versions of Flash, 14.0.0.145 (check your version here). However, if you have a browser like Firefox, you may want to grab the latest Flash version from Adobe directly (watch out for unwanted add-ons with pre-checked boxes). Finally, if you use apps like Tweetdeck or Pandora, you'll need to update Adobe AIR -- that should happen automatically, but the latest version is 14.0.0.137 for Windows, Mac and Android.
Adobe: Flash Player now sandboxed in Safari on OS X Mavericks
In a move that is designed to make playing Flash content on your Mac more secure, Adobe has announced that Flash Player is sandboxed in Safari on OS X Mavericks. A sandbox profile for the Flash plugin was created by Adobe for inclusion in the Webkit project, with Webkit being the browser engine behind the scenes in Safari. How does the sandbox profile work? It basically tells Webkit (and thus Safari) to allow the plugin to only read and write files to specific items, limiting just how much damage a malicious attacker could do when taking over control of Flash through a vulnerability. This keeps Flash-based infections from being able to persist for any length of time, and should also keep attackers from affecting other apps. Adobe's products, including Flash Player, the Reader program and Acrobat, used to be prime targets for attackers, but sandboxing and other security work has made them less attractive to the bad guys.
Unity stops offering Flash game engine licenses, cites a lack of Adobe love
The Unity 4 engine has given Flash gaming a lot of TLC by simplifying web ports of complex projects. If you ask Unity Technologies, however, that love isn't being requited -- and the company feels jilted enough to stop offering new Flash licenses, effective immediately. Adobe supposedly isn't committed enough to the plugin, having halted work on both a re-engineered Flash Player Next as well as an attractive revenue sharing model. Unity is equally concerned about the broader developer community shying away from Flash at the same time as its own plugin, Unity Web Player, has soared past 200 million installs. While those with existing licenses should have Flash support for as long as versions of Unity 4 are in the field, the exit is bound to have game creators scrambling to find alternatives for any future web-based titles.
Safari blocking outdated Flash plug-ins due to security holes
Adobe recently issued a security update for Flash Player which patches an exploit that gave hackers the ability to take over a vulnerable system. Not leaving things to chance, Apple is now rolling out a hotfix for Safari that blocks outdated versions of the tainted web plug-in. If your system hasn't been patched yet, you may receive a notification when attempting to access Flash-based content. The prompt will then advise that a new software version is available. If you're running OS X 10.6 (Snow Leopard) or higher and Safari is your browser of choice, you may want to nab this update from Adobe. Otherwise the next time you go online, the internet might be a far cry from what you're used to seeing.
Adobe releases emergency Flash update for OS X
Adobe released a security update for its OS X Flash Player that addresses a critical vulnerability being exploited in the wild. According to the Adobe advisory, the CVE-2013-0634 vulnerability targets OS X users running Firefox or Safari who encounter malicious Flash content on website. This vulnerability, detailed in the National Vulnerability Database, allows attackers to remotely execute malicious code on the user's computer. All OS X users should update to Adobe Flash Player 11.5.502.149. You can download this latest version from the Adobe Flash Player Download Center.
Flash finally sandboxed in Google Chrome for OS X
The fastest web browser on the Mac just got a little safer. With Chrome 23, Google has introduced a "sandboxed" version of the Adobe Flash plug-in, which helps prevent its use in exploits that could allow harmful code to be run without the user's knowledge. Computerworld reports that Google engineers rewrote the Flash plug-in to comply with its own PPAPI (Pepper Plugin Application Programming Interface) standard. It had previously used the older NPAPI (Netscape Plugin Application Programming Interface) standard. The OS X version of Chrome is actually the last to receive the PPAPI version of the Flash plug-in. It hit Windows platforms in Chrome 19 and Linux in Chrome 20. Chrome OS has had sandboxed Flash for more than a year. Chrome is the only mainstream Mac browser that ships with its own independent instance of the Flash plugin. Firefox, Opera and Safari all use Adobe's installable Flash Player, which can be updated and managed via System Preferences. Apple ceased bundling Flash Player on OS X back in 10.7 Lion, and starting with Safari 5.1.7 (released with OS X 10.7.4) the homegrown Apple browser will automatically disable Flash Player builds that are out-of-date or insecure.
Google touts improved Flash Player security in Chrome for Mac, says it's safer than ever
Needless to say, Adobe hasn't had the best of times when it comes to the overall reliability of its Flash Player on Apple-made devices -- so much so that Steve Jobs took it upon himself to write some thoughts about it a couple of years ago. Thanks to Google, though, Adobe can proudly say it's famed Flash Player is now more secure than it's ever been -- well, at least on Chrome. According to Google, both companies have been working closely since 2010 to find ways to improve the security aspects of the famed plug-in, noting that some of the most recent enhancements can now be found in the latest Stable release of the browser -- in which a novel plug-in architecture is used, allowing Flash to run "inside a sandbox that's as strong as Chrome's native sandbox." The Flash plug-in improvements within Chrome aren't just for Mac users, however, as Google has said Adobe's Player is now fully sandboxed on Windows, Linux and, of course, its own Chrome OS as well.
BBC Media Player to give Android users their iPlayer fix in a mostly Flashless world
Remember how the BBC was asking Adobe to keep Flash for Android on life support for a short while? The broadcaster just removed any doubts as to why with the launch of BBC Media Player, its solution for that day when the mobile plugin is well and truly buried. Starting with iPlayer on the mobile web and moving on to both radio as well as an updated version of the Android app due next week, the BBC will be using close Flash cousin Adobe AIR for streaming playback on Android phones and tablets. It can't quit Flash technology cold turkey given the sheer number of devices still running Gingerbread or earlier, which rules out HTTP Live Streaming for now. Media Player isn't necessarily the most elegant solution -- we're seeing reports of sub-par video and other hiccups -- but it will keep those episodes of Doctor Who rolling on most Android hardware and let the BBC push out updates that address as many of the Google-inclined as possible.
Google Chrome for Windows gets more secure Flash player, gives users a browsing sandbox safety net
Chrome turned 21 last week, and in that new version, Google's made playing Flash videos in its browser even safer... for Windows users, anyway. This latest release puts Adobe's Flash Player plug-in for Windows in a sandbox, much as Chrome 20 did for Linux. This sandbox is "as strong" as Chrome's extremely robust native version -- even in Windows XP -- which means that Flash-borne malware can't hurt Microsofties. Securing the Flash Player plug-in is the result of two years of work, and was made possible by a new plug-in architecture Google co-developed with Adobe. In addition to the security benefits, the architecture has also brought performance improvements by way of a 20 percent decrease in Flash crashes and GPU acceleration for smoother scrolling and faster Flash rendering. And, while the immediate good news is for Windows users, Google has assured us that a port for OS X is in the works, and it hopes to ship that Mac version soon.
Third betas of Adobe Flash 11.3, AIR 3.3 give peeks at low-lag audio and deeper iOS support
Adobe's famous desktop browser plugin may be looking forward to a 2013 overhaul, but that doesn't mean it isn't out to improve itself in the here and now. Flash Player's 11.3 beta, for instance, rolls in low latency audio support through NetStream, designed specifically to cut back audio lag in cloud gaming. The beta also introduces support for complete keyboard control when in full-screen mode, background Flash updating on Macs, and a Protected Mode for Firefox that keeps rogue Flash files from compromising Windows PCs using Vista or later. The AIR 3.3 beta, on the other hand, smooths the runtime's iOS experience, allowing compiled apps to run in the background more like their natively-compiled siblings. It's also friendlier to developers, with new USB debugging and simulator support that now doesn't require a physical device. Android 4.0 users aren't entirely left out, getting stylus support for AIR apps on their platform. Adobe hasn't said when the finished versions of Flash 11.3 and AIR 3.3 will reach its servers, but if you're willing to live life on the bleeding edge, you can find the download links below.
Google and Adobe team up to make Flash Player for Linux (updated)
Linux may no longer be getting any more fresh Air, but it's going to get a heaping helping of Flash thanks to a partnership between Adobe and Google. You see, Adobe the pair has been developing a new browser API to work with Flash, code-named "Pepper," to provide Flash Player 11.2 in Chrome on any x86/64 platform -- including Linux. From now on, Linux users will get new versions of Flash Player directly through the Pepper API in Chrome (as opposed to a download from Adobe), but Adobe promises to provide security updates for five years after its release. Don't believe us? Get the good news direct from Adobe at the source below.Update: To be clear, while this will keep Flash updated in Chrome, it's uncertain what this means for other browsers like Firefox, Konqueror and Midori.
Switched On: The year of reversal
Each week Ross Rubin contributes Switched On, a column about consumer technology. Back in 2005, Switched On dubbed its first full year of existence "The Year of the Switch" as IBM sold its PC business to Lenovo, Apple announced plans to leave the PowerPC platform for Macs and Microsoft moved to PowerPC processors for the XBox 360. But the dramatic reversals we saw in 2011 made even some of those decisions look tame by comparison.
BBC moves towards HTML5 for websites, tells Flash it'll still be friends
Even the British occasionally have to change with the times. Following a study stating that 80 percent of all web video is now compatible with HTML5, the BBC has formally adopted the standard for videos on the desktop and mobile versions of its website. The full roll-out across BBC.com follows a pilot program in which the broadcaster tested HTML5 on the Health section of the site. According to Electronista, the BBC has been working with HTML5 delivery systems throughout 2011 to build its iPlayer apps for the iOS. In other news, the BBC has just texted Flash and said it's totally open to staying friends and meeting up for coffee sometime.
Adobe Flash Player, Netflix streaming apps updated for Ice Cream Sandwich
Now that Ice Cream Sandwich is rolling out officially in the US on Verizon, it appears at least a few developers have seen the need to roll out Android 4.0-friendly versions of their software. Just as promised a (final?) version of Flash Player of Android has hit the market specifically to make sure ICS devices can get the "full" web. Meanwhile, in a less melancholy update, Netflix also updated its Watch Instantly app to work on Android 4.0, something we're sure on-the-go movie watchers will appreciate. If you've been lucky enough to get your hands on a Galaxy Nexus LTE, let us know if you're seeing any other apps that either have received or need to get an update to keep things working smoothly.[Thanks to everyone who sent this in]
Flash for Android not quite dead yet, will land on Ice Cream Sandwich by year's end
Those of you lucky enough to get your mitts on a Galaxy Nexus may have noticed something odd -- no flash in the champagne room Android Market. Turns out the latest edition of Adobe's multimedia plug-in isn't compatible with the newest version of Google's mobile OS. Don't panic just yet though, while the end is nigh for mobile Flash, it's still got one more release left in it and that will deliver ICS compatibility. Adobe told the folks over at Pocket-lint, "[it] will release one more version of the Flash Player for mobile browsing, which will provide support for Android 4.0." Or, if you're a glass half-empty type, ICS will be your last chance to browse the "full" web on Android. The final release of the mobile plug-in will also be accompanied by one last version of the Linux Porting Kit -- after that, you better hope HTML5 really hits its stride.
Adobe product manager fingers Apple for death of Flash Player for mobile
Adobe's battles with Apple haven't exactly been a secret over the past couple of years, but the death of Flash Player for mobile has once again brought that drama to the fore. Mike Chambers, a lead product manager for Flash, took to his personal site today to shed some light on Adobe's rapid descent, pointing the finger squarely at Apple's refusal to adopt the player in its mobile OS. He had this to say: This one should be pretty apparent, but given the fragmentation of the mobile market, and the fact that one of the leading mobile platforms (Apple's iOS) was not going to allow the Flash Player in the browser, the Flash Player was not on track to reach anywhere near the ubiquity of the Flash Player on desktops... Just to be very clear on this. No matter what we did, the Flash Player was not going to be available on Apple's iOS anytime in the foreseeable future. That combined with the "strong support for HTML5 across modern devices," was apparently enough to drive the final nail into Flash's coffin. Among other things, Chambers cited the use of apps instead of browsers for media consumption and the complexity of the mobile market as further reasons for Adobe's decision. He went on to say that Adobe has a "long term commitment to the Flash Player on desktops," but concluded by encouraging Flash developers to diversify their skill sets. For the very lengthy full-form version of Chambers' explanation, hit the source link below, but we'd suggest grabbing a drink before you do so.
Adobe releases final Flash Player version for Android, BlackBerry PlayBook, promises future updates
When Adobe announced the death of Flash Player on mobile devices earlier this week, it did so while promising to issue a final version for Android devices and the BlackBerry PlayBook. Now, that promise has come to fruition, with the release of version 11.1. Like pretty much every Adobe update, this latest refresh promises to patch up a host of security flaws -- 12 "critical" ones, to be exact. More intriguing, however, are Adobe's plans for future security support. In a blog post published Wednesday, company exec Danny Winokur confirmed that Adobe will "continue to provide critical bug fixes and security updates for existing device configurations." This sentiment was echoed in a Twitter post yesterday from Brad Arkin, senior director of product security and privacy: "Adobe will continue to ship security updates for Flash Player mobile after the final feature release." But neither Winokur nor Arkin have specified how long this patch distribution will continue, and the company has yet to offer any sort of timeline for future tablet and smartphone updates. For more information on the latest release, check out the source link below, or hit up the coverage link to grab the Android version for yourself.
RIM to forge ahead with Flash on the BlackBerry PlayBook, even if it's dead
Adobe may have killed off Flash for both TVs and mobile devices, but that isn't stopping RIM from continuing to support it on the PlayBook. In a statement provided to All Things D yesterday, the BlackBerry manufacturer confirmed that it's not giving up on the dream just yet, because it's one of the Flash Player source code licensees that Adobe will continue to support post mortem: "As an Adobe source code licensee, we will continue to work on and release our own implementations. RIM remains committed to delivering an uncompromised Web browsing experience to our customers, including native support for Adobe Flash Player on our BlackBerry PlayBook tablet (similar to a desktop PC browser), as well as HTML5 support on both our BlackBerry smartphone and PlayBook browsers. In fact, we are pleased that Adobe will focus more efforts on the opportunities that HTML5 presents for our developers, and shares our commitment to HTML5 as we discussed together at DevCon Americas." It certainly sounds strange for RIM to issue such a ringing endorsement of an ostensibly moribund platform, though it's not entirely unreasonable, considering the fact that Flash is a major component of QNX. Still, it's hard for us to see RIM expanding the medium much further, at a time when virtually everyone else seems committed to an HTML5 future.
Adobe abandoning Flash Player for TVs as well
And the white-flag waving continues. Shortly after announcing the painful death of Flash Player for mobile devices, Adobe is also stepping back from the platform on another major pedestal: television. In a statement to GigaOM, Adobe said that it would "continue to support existing licensees who are planning on supporting Flash Player for web browsing on digital home devices and are using the Flash Player Porting Kit to do so," but that it felt the "right approach to deliver content on televisions is through applications, not a web browsing experience." The broader efforts to bring Flash to connected HDTVs, Blu-ray players etc. were all part of its Open Screen Project -- something the now-defunct Palm joined in 2009 -- which was established in order to allow developers to craft a single Flash app and distribute it across a number of devices. A perfectly acceptable initiative in theory, but it seems that traction has been hard to come by. One has to wonder what this means for products in the Google TV family, which obviously rely on Flash Player to bring a "complete" browsing experience to the tee-vee screen. In related news, HTML5 could not be reached for comment, but close friends have affirmed that "snickering" and "belly laughs" could be heard coming from his Los Angeles hotel room.
