No fixed Adobe: Missing patches and Firefox warnings

Graham Cluley

Mozilla has pushed out a new version of its popular Firefox web browser that fixes a number of critical security vulnerabilities.

Obviously you should update your installation of Firefox to take advantage of these fixes, but another good reason is that this new version also rather wonderfully warns you if you are running an out-of-date version of Adobe Flash:

[Image: Firefox warns of out-of-date version of Adobe Flash]

That’s great. As I mentioned last week, Adobe can be considered very much “the new Microsoft”, but not in a good way.

Adobe’s Flash and PDF software is frequently targeted by hackers because so many of the world’s computers are running it. As a result, users have been facing a running battle of keeping up-to-date with Adobe security patches to ensure that they are not exposing themselves to infection via exploitable code.

Anything which warns users that they do not have the latest version of Adobe Flash installed has to be a good thing. So Mozilla should be applauded for helping its millions of users (the vast majority of whom are certainly running a version of Adobe Flash) in this fashion.

Keeping up-to-date with Adobe Flash has been in the news in the last week or so, after it was discovered that Mac users upgrading to Snow Leopard could have Adobe Flash silently downgraded without their knowledge, potentially reopening security vulnerabilities.

Adobe has recognised that hackers are increasingly targeting its software, and earlier this year announced that it would be following in Microsoft’s footsteps by releasing security patches (for its Acrobat Reader PDF software at least) on a regular basis.

Indeed, it announced that it would be releasing vulnerability fixes on the second Tuesday of every third month, and the first of those appeared in June.

Hmm… June, July, August, September… Hey, shouldn’t we have had some Adobe security patches on Tuesday to time in with the ones that came from Microsoft? Why are they missing in action?

According to media reports, Adobe has decided to hold off on its second bunch of quarterly updates until October 13th.

I’m not sure that this chopping-and-changing schedule from Adobe is good news for system administrators who like to schedule as much as possible when they will have to roll out new versions of software.

Update: Thanks to Clu-blog reader Malware Domain List, who made the excellent point that hackers might attempt to fake the warning that Mozilla Firefox displays when Adobe Flash is out of date, and lead you to a malicious webpage or download. That’s certainly a risk – and so you should always ensure that you are downloading the latest version of Flash from Adobe’s own website.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
