Adobe Flash auto-update status

[Brian J Smith-Sweeney <bsmithsweeney () NYU EDU>]

Hey folks,

Our internal security group had some debate about the current status
of Adobe's update mechanism for Flash on various platforms (related to
the recent exploit activity reported by the Shadowserver folks[1]).
Since I had to do a bit of digging to find official answers I thought
I would share the results here.

Based on Adobe's various publications, this is what I believe the
update status to be across some major platforms:

* Windows users will get notified automatically that an update is
available, but they still have to ok it.  [2][5]

* Mac OS X users get similar treatment to Windows users if they have
Flash 10.3.x.  Users with older versions of Flash have to manually
update via the download center. [2][5]

* Chrome browser users are supposed to get a *silent* automatic update
regardless of their OS. [3][5]

* Android users have to do it the old fashioned way. [4][5]

To my mind the key point is that unless you're running Chrome the
update process still involves some action on behalf of the user.

Cheers,
Brian

[1] http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20110617
[2] http://blogs.adobe.com/asset/2011/05/advancing-flash-player-privacy-and-security.html
[3] http://kb2.adobe.com/cps/839/cpsid_83950.html
[4] 
http://blogs.adobe.com/flashplayer/2011/05/adobe-flash-player-10-3-for-desktop-and-android-devices-now-available-including-android-3-1-support.html
[5] http://www.adobe.com/support/security/bulletins/apsb11-18.html


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Brian Smith-Sweeney            Project Lead
ITS Technology Security Services, New York University
http://www.nyu.edu/its/security
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~