Adobe confirms Windows 8 users vulnerable to active Flash exploits

Baked-in Flash Player in Windows 8's IE10 won't be updated until late October, says Microsoft

By , Computerworld |  Security, Adobe, Adobe Flash

Microsoft has not updated the Flash in IE10 within Windows 8 to accommodate those two sets of patches, Adobe confirmed Friday. "Flash Player 11.3.372.94 does not incorporate the fixes released in APSB12-18 and APSB12-19," said Wiebke Lips, a spokeswoman for Adobe, referring to the Aug. 14 and Aug. 21 Flash updates.

Windows 8 RTM's IE10 identifies the integrated Flash Player as version 11.3.372.94, a more recent build than the one in Windows 8 Release Preview, but older than the most-up-to-date version for Windows, 11.4.402.265, which Adobe delivered on Aug. 21.

Adobe actually told some users about Windows 8's Flash situation two weeks ago.

On an Adobe support forum, a company representative announced on Aug. 23 that there would be no Flash update for Windows 8 and IE10 until late October. "Since Windows 8 has not yet been released for general availability, the update channel is not active," said Chris Campbell, identified as an Adobe employee. "Once this goes live, you'll start getting updates to Flash Player."

It was unclear what Campbell meant by "the update channel is not active," as Microsoft has patched Windows 8, most recently in July when it issued fixes to both Windows 8's Consumer Preview and Release Preview through Windows Update.

Internet Explorer 10 on Windows 8 desktop relies on a baked-in version of Flash that hasn't been updated to account for some critical bugs, including one hackers have been exploiting for weeks.

Microsoft support engineers have known of the Flash problem on Windows 8 since at least Aug. 25.

Even though users noticed last month that IE10's Flash had fallen behind Adobe's version, it wasn't until this week that ZDNet blogger Ed Bott first reported that Windows 8 users were vulnerable to attack.

Some of the people commenting on Adobe's and Microsoft's support forums, as well as on Bott's blog, argued that Microsoft should be excused for not patching Flash because Windows 8 has not widely shipped. Others disagreed, pointing out that Windows 8 RTM has been available to enterprises with volume licensing agreements for several weeks, and so it has moved beyond the evaluation phase.

Originally published on Computerworld |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

Ask a Question