Linux News Today: Adobe Releases Massive Security Update for Linux Flash Player
Adobe abandoned active development for the Flash Player on Linux a while back and is now only releasing security upgrades. The company just released a massive security update, and it looks like the Linux platform is covered as well.
Flash is so well embedded on the Internet that it’s really difficult to get rid of. Despite being shunned by all the major players like YouTube, Facebook, Apple, and pretty much everyone else, it’s still present all over the place. That means that all the security problems are still present, and they need to be dealt with.
The Flash Player for Linux has been stuck at version 11.x for many years, and it’s not going to advance. It will stay in that branch until it is declared dead, but from time to time Adobe remembers that there are Linux users as well and that they might be affected.
One of the biggest patches for Adobe Flash Player
The main problem of the Flash Player, no matter the platform, is the fact that it’s full of security issues that are not fixed by Adobe. Some of the problems remained there for long periods of time, making Flash one of the most vulnerable components in the online world.
It’s not clear why Adobe doesn’t adopt a more alert development approach, releasing fixes as soon as they are discovered. They are content with just pushing major upgrades, like the latest one, when enough problems have gathered. This new one has 78 CVEs.
“Adobe has released security updates for Adobe Flash Player. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system,” Adobe wrote in the security notice. Adobe Flash Player for Linux was advanced to version 126.96.36.1994, which should already be in all the major repositories.
Vulnerabilities on Linux platforms are usually closed as soon as they are found, and that is one of the reasons why this is a secure platform. Just imagine what would happen if developers postpone patching the kernel in this manner, for example.
All the vulnerabilities are classified, which means that we don’t really know what the issues were, but that’s probably a good thing. Adobe also says that none of these vulnerabilities has been exploited until now.