Adobe has released an important update to its Flash Player software that fixes critical security flaws and gives users a better way of controlling whether they are being tracked on the Web.
The Flash Player 10.3 update, released Thursday, lets users manage Flash cookies using their browser’s privacy settings or through a new control panel. Flash cookies, also called “Local Stored Objects,” have been a sore spot for Adobe users since 2009, when researchers showed they were being used extensively to track Web surfers. The problem is that Flash cookies historically have been hard to remove, unlike traditional cookies, and some sites have used them to track users who have wanted to block cookies.
Cookies are small snippets of text, stored on the computer, that websites use to identify repeat visitors.
“Users could manage the [Flash cookies] before, however, the experience was not exactly the most user-friendly,” Adobe spokeswoman Wiebke Lips said via e-mail.
The new Flash cookie management option will work with the Firefox and Internet Explorer browsers. In the future, it will also be available to Chrome and Safari users, according to Adobe.
Although there are still plenty of privacy issues on the Web, Adobe’s update is good news, said Seth Schoen, a senior staff technologist with the Electronic Frontier Foundation who has followed the Flash cookie problem. “I’m glad Adobe is addressing this in a comprehensive way,” he said in an e-mail message. “It’s a shame that it’s taken such a long time, but it’s good that it’s finally happened.”
Web surfers can also manage their Flash cookies through a new control panel, designed to give users a single place where they can make sure that Flash Player isn’t doing anything it shouldn’t. “With Flash Player 10.3, we have created a new native control panel for Windows, Macintosh and Linux desktops that will allow end-users to manage all of the Flash Player settings, including camera, microphone and Local Shared Objects,” Adobe spokesman Peleus Uhley wrote in a blog posting.
The new Flash Player also includes a number of improvements designed to make it a better media player, along with security fixes for several critical bugs. Also new: Mac OS users will now get automatic software update notifications, just like their Windows counterparts. “In the past, Mac users often had trouble keeping up with Flash Player updates since the Mac OS and Flash Player ship schedules are not in sync,” Uhley wrote in a blog post. “With this new feature, Flash Player will automatically check each week for new updates and notify the user when new updates are available.”
The security updates, which affect all Flash platforms, are important. Flash has been used in a lot of online attacks over the past few years, and with this latest set of patches, Adobe said it’s fixed a previously unknown flaw that had been leveraged in online attacks.
“There are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform,” Adobe said in a note posted to its website. “However, to date, Adobe has not obtained a sample that successfully completes an attack.”
Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert’s e-mail address is robert_mcmillan@idg.com