Adobe Flash Player 11.1.102.62 Final

. Download the uninstaller for Flash Player

Download the correct Flash Player uninstaller for your version of Windows. (For assistance with this step, see How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system.)
32-bit uninstaller (229 KB)
64-bit uninstaller (229 KB)

http://kb2.adobe.com/cps/141/tn_14157.html



Adobe Flash Player 11.1.102.62 Final
download
http://get.adobe.com/flashplayer/


Version check
http://www.adobe.com/products/flash/about/

A bit confusing.....care to elaborate please?

the whole adobe flash update process is a bit of a shambles. eg. it only does a update check following a reboot meaning if you dont reboot often you wont get prompted, and in my experience only the IE version prompts me and FF I have to manually run the updater.

these 2 links I suggest anyone bookmarks. along with the version check link nick posted.

IE
http://fpdownload.adobe.com/pub/flashplayer/current/...
FF/chrome/opera
http://fpdownload.adobe.com/pub/flashplayer/current/...

64bit versions
IE
http://fpdownload.adobe.com/pub/flashplayer/current/...
FF/chrome/opera
http://fpdownload.adobe.com/pub/flashplayer/current/...

Edited by Chrysalis (Sat 18-Feb-12 09:52:15)

In reply to a post by Chrysalis:

the whole adobe flash update process is a bit of a shambles

Sorry, but I still don't have a clue why I should need to download an uninstaller program and then reinstall a Flash version that I already have! Surely this thread is only relevant to users whose system hasn't updated for ages and there's a glitch that's stopping the updates. I think that, if the 'security experts' are coming onto forums like this one to tell people what to do, they need to be much more specific about who it's aimed at and why their advice should be heeded. A little bit of communication wouldn't go amiss (i.e.plain English and not a series of links and computer speak).

In reply to a post by GeoffB:

Sorry, but I still don't have a clue why I should need to download an uninstaller program and then reinstall a Flash version that I already have! Surely this thread is only relevant to users whose system hasn't updated for ages and there's a glitch that's stopping the updates. I think that, if the 'security experts' are coming onto forums like this one to tell people what to do, they need to be much more specific about who it's aimed at and why their advice should be heeded. A little bit of communication wouldn't go amiss (i.e.plain English and not a series of links and computer speak).

Not everyone wants yet another updater running on their system and would rather update manually.

If you use Linux or similar, you can probably use your repository manager to keep things up-to-date (e.g. Fedora system update, YUM, apt-get).

If it is not relevant to you, or you dislike the thread content, then you can ignore it. It is just being done as a courtesy to Windows users.

My point is that if users uninstall the updater they might not remember to check for updates manually and be left exposed. Most users are perfectly happy with the automatic system; and why is this being touted as a security issue? Surely the security issue would be if users uninstalled and then forgot to update manually!! I still maintain that plain English is sorely lacking in some forum posts, by the way.
Rant over...to the previous poster who finds the automatic updater a bit erratic, are you running as a Limited Rights user? I find that if I nip into an Admin account about once a week all sorts of updates are offered, including this one. It never appears in my bog-standard user account. (I once came across someone who had never had any Windows Updates because his system was set only to receive them in an Admin Rights account. When I ticked the box about 185 turned up on reboot).

Sorry, but I still don't have a clue why I should need to download an uninstaller program and then reinstall a Flash version that I already have!

You shouldn't take posts so literally, nick has posted to say that an update is available, has provided a link to the uninstaller (should you wish), and also a link to the download (again should you wish!)

As a side note - When using MSI packages, flash is best uninstalled, system rebooted, then latest version installed, for absolute maximum success, due to incompetence in the adobe programming department.

I don't see anyone touting it as a security issue? If the user uninstalls flash then there isn't flash there to be exploited, you will then be even more secure!!

Using limited/admin accounts on a home PC is just wasteful of time, just use an Admin and get on with it, that is what User Account Control is for.. Your latter example just reinforces the point.

Edited by Pipexer (Sat 18-Feb-12 20:33:09)

What about kids running as administrators? I've known a couple of trashed PCs as a result of teenagers clicking 'install'. I do take the point that Nick is trying to be helpful and maybe I should take it in that spirit, but surely some explanation wouldn't go amiss if forum members are being urged to uninstall and re-install things. I reiterate my point too that my system is totally up to date and I've never uninstalled older versions or had stability issues; I just let the updates come through automatically. In the back of my mind there's a little niggle about a Windows Update long ago that made the automated process more seamless.

In reply to a post by GeoffB:

What about kids running as administrators? I've known a couple of trashed PCs as a result of teenagers clicking 'install'. I do take the point that Nick is trying to be helpful and maybe I should take it in that spirit, but surely some explanation wouldn't go amiss if forum members are being urged to uninstall and re-install things. I reiterate my point too that my system is totally up to date and I've never uninstalled older versions or had stability issues; I just let the updates come through automatically. In the back of my mind there's a little niggle about a Windows Update long ago that made the automated process more seamless.

An updater is just like any arbitrary program, so it'd need to be given permission to start fiddling around changing program files or other stuff that could affect the system.

I think you're making a mountain out of a molehill. It isn't going to harm anyone by using a slightly more circuitous route.

Any rational person would see the post as a simple advisory with links to the relevant materials. If they don't understand it, want to understand it, or believe it to exceed their verbiage tolerance then I'm sure they will just leave it alone.

Really, it would require a heroic level of incompetence to trash your OS with a Flash installer.

Edited by deleted (Sat 18-Feb-12 21:46:35)

In reply to a post by Pipexer:

...... Using limited/admin accounts on a home PC is just wasteful of time, just use an Admin and get on with it, that is what User Account Control is for....

Defeating UAC is a fairly simple matter that is widely documented.

Give the kids their own PCs, they will probably want to play games which, you guessed it, often need Administrator permissions.

If not then perhaps yes, give the kids so-called limited accounts, but one would expect any adult to be clever enough to use an Admin account without issues on their home PC.

Having said that in my experience most of the trashing done these days is from adults who cannot resist thinking they know better and installing all manner of [censored] software and generally goofing with settings because they read some incorrect article in a PC magazine or some nonsense on BBC news of how to make your PC extra secure by fiddling around with things.

Edited by Pipexer (Sat 18-Feb-12 22:25:01)

If "x" can bypass UAC then it can probably do the same so-called "bypassing" when just logged on as a standard user, hence no difference either way.

It is an absolutely stupid waste of time logging in as a standard user and then switching to an Admin account for your own personal desktop, you can't get anything done properly (software updates, plugins, certain programs etc), the time wasted really is not worth the marginal gain in security.

Not only this, if something requires elevation, it will ask for the Admin account password, which the user would know, and if victim of social engineering, will type in anyway.

So I suppose if you did want to go for reduced risk, then you'd actually put them on as limited users and disable UAC elevation. Does anyone do that? No, they aren't smart enough.

If you are in an enterprise environment then it is of course a different matter.

Edited by Pipexer (Sat 18-Feb-12 22:54:16)

In reply to a post by Pipexer:

If "x" can bypass UAC then it can probably do the same so-called "bypassing" when just logged on as a standard user, hence no difference either way.
It is an absolutely stupid waste of time logging in as a standard user and then switching to an Admin account for your own personal desktop, you can't get anything done properly (software updates, plugins, certain programs etc), the time wasted really is not worth the marginal gain in security.
If you are in an enterprise environment then it is of course a different matter.

I fully agree. My point is that UAC is not and never was a defence against malware. There is at least one 5 year old "privelege elevation" exploit in Windows which is still unpatched. Several rootkits, most "FakeAV", some worm variants and trojans such as BancOS are just a few examples of malware that take advantage of this. Some of these will hook AV scans that are run after infection in order to hide their presence.

This is why it's essential to run decent anti malware/AV/firewall protection despite what others will say!

I disagree that it's essential on any system - because it very much depends on the circumstance.

To explain my train of thought more clearly (because our opinions seem to clash a lot and I ought to give it more explination)

-User is constantly downloading and running files in attempt to get copyrighted material for free and running them: AV essential
-User clicks on things without reading and visits many websites: AV essential

However situations such as the following:

-Very competent user and doesn't do high-risk activities on PC
-Server performing highly secure service only with highly restricted firewall permissions, no web browsing enabled.
-PC disconnected from internet, only CD-ROM media installed on the system.

Would not neccessarily require AV software, in my opinion.

Obviously we have our different opinions on how secure Windows is an OS and different knowledge of exploits.

It's not just limited to those examples above, by all means.

I should say that these opinions are unrelated to security software which blocks phishing sites etc - in my opinion these are social-engineering protection products and not what I'd call antimalware. I certainly have no requirement for something which tells me if a page is fake or not.

The other problem with companies bundling things like with their security product is dilution of the programmers efforts, interfering with the Windows kernel is not micky mouse stuff and I fear that sometimes the development effort gets diluted adding value add [censored] which isn't actually that important in the end. Programmers get told to develop toolbars rather than develop efficient scanning engines.

Ultimately, my own experience suggests that 99% of infections usually come from the user clicking "OK", and I know that I have the ability myself to resist clicking things without reading.

In reply to a post by Pipexer:

-Very competent user and doesn't do high-risk activities on PC
-Server performing highly secure service only with highly restricted firewall permissions, no web browsing enabled.
-PC disconnected from internet, only CD-ROM media installed on the system.
Would not neccessarily require AV software, in my opinion.

Your first example is negated by what I write below and this is just the tip of the iceberg.
Your second example is perhaps safe as long as no external data is able to be accessed by the system thereby rendering it useless for most applications. We are discussing domestic systems here anyway - Business critical systems are a different matter (Although in my experience, security on many of these are frankly, laughable).
Your third example is flawed by the fact that malware can easily be delivered by read only material.

I won't go into the obvious cesspits such as Facebook etc but these are hugely popular sites to the average user and it's that average user that we must bear in mind when discussing such matters in the public arena.
It is common knowledge that several high profile domains that would normally be regarded as safe have been infected in the recent past. Many local authority, social housing and other "essential" sites etc that are regularly visited by "competent users" have been and some still are compromised.
The days of having to vist porn, P2P, gambling and other unsavoury sites to get infected or having to physically open files or email attachments are long gone. Drivebys and some other very clever "innovations" have relegated these criteria to the history books.

Edited by Deadbeat (Sun 19-Feb-12 00:02:58)

Enterprise/government/public sector networks - indeed, enough said there!

Though I'm curious about your reasoning for the 3rd one - if the system never goes on the internet, the chances of optical media containing a virus is extremely unlikely. Even if the system does get a virus on it, since it is disconnected from the internet, there is not a huge risk, right?

Only read only media going into the PC, so it isn't going to spread.

If it crashes the system, then yes the user has to reinstall the OS, but if it has purposes which require an internet connection, does it even matter if something is on there given it can't spread or leak personal information anywhere? But the risk is so low I'm not sure it's even worth running the software let alone purchasing something.

I would have said actually the 3rd one (that is, computer disconnected from the internet) out of those 3 examples was the one I'd be least tempted to put AV on, the only real risk is the PC needs the OS installing, there isn't any potential for loss or compromise of data.

It all depends on the circumstance of course.

Differing opinions

A few folks I know have been caught out by a nasty yet genuine looking flash updater/installer from what they thought was a video link on facebook - IMO they are fairly competent and experienced users. Realising that there was an infection they cleaned their machines with Malwarebytes before any more harm was done. Norton AV did not block the fake flash updater/installer malware - it was fooled just as easily as those users.

Now they only check for updates and update the flash player directly from the Adobe site. This can easily be done by right clicking a video screen on the actual YouTube site which takes one directly to the relevant page on the Adobe site.

In reply to a post by Pipexer:

......If it crashes the system, then yes the user has to reinstall the OS, but if it has purposes which require an internet connection, does it even matter if something is on there given it can't spread or leak personal information anywhere? But the risk is so low I'm not sure it's even worth running the software let alone purchasing something....

In a domestic situation that's true (Except of course, you don't need a network to transfer data!), although there is still a real risk of data loss and given the average domestic situation that data will be irreplaceable and won't be backed up.
Infected read only media is far from unknown! Remember Sony's rootkit? Although pretty much benign in the grand scheme of things, it was advanced upon and used with much success by criminals.

Besides, there aren't many domestic computers about that don't have access to a network.

Edited by Deadbeat (Sun 19-Feb-12 00:50:14)

In reply to a post by 4M2:

A few folks I know have been caught out by a nasty yet genuine looking flash updater/installer from what they thought was a video link on facebook - IMO they are fairly competent and experienced users...

The "Like button" "exploit" is another accomplished but simple Facebook trick that has fooled many "competent" users for a couple of years.

In reply to a post by GeoffB:

A bit confusing.....care to elaborate please?

Hi Geoff
i post the security updates when i receive them direct from the adobe team
In the case of flash it is always a security update but the release notes are not always available at the time of my posting sorry about that


some people prefer to uninstall the old build first whilst others prefer to install over the top hence the links to the uninstaller

The version check is to make sure that your up to date and that it is installed correctly

hope that helps


Summary

This update addresses critical vulnerabilities in Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system. This update also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only).

Adobe recommends users of Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.62. Users of Adobe Flash Player 11.1.112.61 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.6. Users of Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.6.

This was my first concern when I saw the automated flash upgrade thing -- people are going to use this to confuse users to click on it.

I suppose I am culprit of assuming "experienced" users are IT professionals, but, computing will never get any more secure until users try and control what they go clicking on. I mean we could go the way of NGSCB, but I'm not so keen on things like that, and all you are doing then is trusting someone else to make the "Yes" "No" decision for you. Not going to get sucked into that debate at this time of the night

Thanks for that, Nick. I was aware that there was a recommendation out there to uninstall the old then reinstall the new version, but those of us who update when the prompt comes through usually just go ahead and let it do its thing. Does the automatic update uninstall the old version first, I wonder? I might try your method sometime, but I certainly seem to get the most recent version via the automated route.

In reply to a post by GeoffB:

Thanks for that, Nick. I was aware that there was a recommendation out there to uninstall the old then reinstall the new version, but those of us who update when the prompt comes through usually just go ahead and let it do its thing. Does the automatic update uninstall the old version first, I wonder? I might try your method sometime, but I certainly seem to get the most recent version via the automated route.

I can't see a recommendation per se, just a link to the uninstaller, which struck me as odd seeing how it's an upgrade not a deletion.

In reply to a post by GeoffB:

Thanks for that, Nick. I was aware that there was a recommendation out there to uninstall the old then reinstall the new version, but those of us who update when the prompt comes through usually just go ahead and let it do its thing. Does the automatic update uninstall the old version first, I wonder? I might try your method sometime, but I certainly seem to get the most recent version via the automated route.

Your welcome Geoff
With regards updates a lot of people seam to think worldwide does it matter ? Well it does as we find that those that update all of their software regularly normally find their computer much more responsive then those that don't and then have to hit the forums for advice

this update checker is a very good starting point in making sure that your software is current

http://www.filehippo.com/updatechecker/

As for drivers they to need to be updated regularly especially where games are concerned for stability of sound and vision