« Apple Update, Moviestar | Main | Defective poster »
December 19, 2007
Player security update
Player security update: The news stories today don't make it obvious that today's security release is for older-generation Adobe Flash Player, and that everyone using the current "Moviestar" r115 Player is already protected. (Why update old versions? Because some intranets have a lengthy approval process for new versions, but will quickly accept security updates for versions they already have approved.) Source info is at Adobe Security Advisories, which contains mention of stricter cross-domain policy files, asfunction restriction, HTTP header modification, and other issues which have come up in the past week... I think we wanted to keep quiet on details until all backports were available. Action item: If you haven't done so already, then please do check existing work in the current r115 Player released earlier this month... we had a number of late changes this cycle, and not all may have been reflected in the public beta versions. Any questions, please put 'em in comments here and I'll do my best to get replies, although I'm starting to see the office empty out for holidays. Trivia note: It looks like this will be the last update for the Player 7 generation, although SWF7 files remain supported within current Players. Adios, Matador!
Posted by JohnDowdell at December 19, 2007 01:31 PM
Trackback Pings
TrackBack URL for this entry:
http://weblogs.macromedia.com/mtadmin/mt-tb.cgi/9188
Comments
I don't suppose the also-updated Shockwave 10.1.1 r16 has a nifty codename? How about "Centenarian"? :P
[jd sez: If I'm reading right, that might be "millenarian".]
Posted by: Sarcas at December 19, 2007 05:50 PM
The newest player hard crashes IE6 sp2 on winXP sp2 at Adobe.com... Have "ignore fonts sizes" set in accessibility options (many sites have very tiny fonts on 1920x1200 monitor).
Posted by: Dave_Matthews at December 20, 2007 03:46 AM
I wrote about updating Flash and some problems encountered along the way. It seems the bugs extend to install/uninstall.
Update your copy of the Flash player now. And do it the right way.
http://blogs.cnet.com/8301-13554_1-9837179-33.html
Posted by: Michael Horowitz at December 21, 2007 03:03 PM
does this update fix the vulnerability mentioned on the article below..?
http://www.theregister.co.uk/2007/12/21/flash_vulnerability_menace/
[jd sez: That article mentions that whatever problem they're describing is not addressed in the recent Player update, but also states that it may not be addressable through a Player update at all. The risk is described as being to browser cookies or browser log-in, and is triggered through the HTML the browser parses. Like most people, I can't make out the issue behind the book's promotion.]
Posted by: Varun Shetty at December 26, 2007 10:34 PM