March 28, 2012, 4:42 PM — Adobe yesterday released Flash Player 11.2, adding silent updating to speed patching of "zero-day" vulnerabilities in the Windows edition.
"Improving the update process is probably the single most important challenge we can tackle for our customers at this time," Peleus Uhley, a senior security researcher at Adobe, said in a Tuesday blog entry .
On Windows -- silent update will come to the Mac later, the company said -- Flash Player 11.2 checks for security updates, then downloads and installs them without bothering the user.
The background update tool pings Adobe's servers every hour until it gets a response. If it reaches Adobe and finds no ready update, the tool re-checks the servers 24 hours later.
The updater's default setting can be changed so that Flash Player continues to notify the user when updates are available.
When you first launch Flash Player 11.2, the plug-in asks for permission to turn on the new silent updater.
Like Mozilla's Firefox, which is also working toward silent updates , Flash Player relies on a customized Windows service to automatically install patches without displaying a User Account Control (UAC) prompt in Windows Vista and Windows 7.
Flash Player 11.2's background updater refreshes both versions of the Windows plug-in: The one used by Microsoft's Internet Explorer and the one for all other browsers. "This will solve the problem of end-users having to update Flash Player for Internet Explorer separately from Flash Player for their other browsers," Uhley said.
Chrome is the exception, since Google's browser includes Flash Player; Chrome's own update mechanism will continue to handle Flash patches.
Everyone could use a break from manually patching Flash Player. Adobe has already rolled out two batches of fixes this year, most recently on March 5 , and it patched Flash nine different times in 2011.
Uhley cautioned that not every update would use the new mechanism.
"We will be making the decision to silently install on a case-by-case basis," said Uhley, who hinted that it would primarily be used to distribute patches for zero-day vulnerabilities where time is of the essence.
Adobe acknowledged that it's following Chrome's footsteps in silent updating. "This model for updating users is similar to the Google Chrome update experience, and Google has had great success with this approach," said Uhley. "We are hoping to have similar success."