Adobe streamlines Flash Player updates by going silent
And it drops Flash support for Microsoft's IE6
Adobe yesterday released Flash Player 11.2, adding silent updating to speed patching of "zero-day" vulnerabilities in the Windows edition.
"Improving the update process is probably the single most important challenge we can tackle for our customers at this time," Peleus Uhley, a senior security researcher at Adobe, said in a Tuesday blog entry .
On Windows -- silent update will come to the Mac later, the company said -- Flash Player 11.2 checks for security updates, then downloads and installs them without bothering the user.
The background update tool pings Adobe's servers every hour until it gets a response. If it reaches Adobe and finds no ready update, the tool re-checks the servers 24 hours later.
The updater's default setting can be changed so that Flash Player continues to notify the user when updates are available.
When you first launch Flash Player 11.2, the plug-in asks for permission to turn on the new silent updater.
Like Mozilla's Firefox, which is also working toward silent updates , Flash Player relies on a customized Windows service to automatically install patches without displaying a User Account Control (UAC) prompt in Windows Vista and Windows 7.
Flash Player 11.2's background updater refreshes both versions of the Windows plug-in: The one used by Microsoft's Internet Explorer and the one for all other browsers. "This will solve the problem of end-users having to update Flash Player for Internet Explorer separately from Flash Player for their other browsers," Uhley said.
Chrome is the exception, since Google's browser includes Flash Player; Chrome's own update mechanism will continue to handle Flash patches.
Everyone could use a break from manually patching Flash Player. Adobe has already rolled out two batches of fixes this year, most recently on March 5 , and it patched Flash nine different times in 2011.
Uhley cautioned that not every update would use the new mechanism.
"We will be making the decision to silently install on a case-by-case basis," said Uhley, who hinted that it would primarily be used to distribute patches for zero-day vulnerabilities where time is of the essence.
Adobe acknowledged that it's following Chrome's footsteps in silent updating. "This model for updating users is similar to the Google Chrome update experience, and Google has had great success with this approach," said Uhley. "We are hoping to have similar success."
Also yesterday, Adobe said it was demoting Flash Player on Internet Explorer 6 (IE6), the browser that Microsoft has been trying to kill for more than two-and-a-half years.
"Adobe will be dropping support for Internet Explorer 6 starting with today's release of Flash Player 10.3," said Uhley.
Future versions of Flash Player 10.3 will probably run on IE6 -- installation of the ActiveX control on the nearly-11-year-old browser won't be blocked -- but Adobe will no longer guarantee that Flash will work on the aged application.
Flash Player 11.2 for Windows can be downloaded from Adobe's website.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer , on Google+ or subscribe to Gregg's RSS feed . His email address is email@example.com .
Read more about security in Computerworld's Security Topic Center.