Adobe Flash update puts users in charge of privacy

The update also fixes a critical security bug that hackers have been leveraging, Adobe says

Adobe has released an important update to its Flash Player software that fixes critical security flaws and gives users a better way of controlling whether they are being tracked on the Web.

The Flash Player 10.3 update, released Thursday, lets users manage Flash cookies using their browser's privacy settings or through a new control panel. Flash cookies, also called "Local Stored Objects," have been a sore spot for Adobe users since 2009, when researchers showed they were being used extensively to track Web surfers. The problem is that Flash cookies historically have been hard to remove, unlike traditional cookies, and some sites have used them to track users who have wanted to block cookies.

Cookies are small snippets of text, stored on the computer, that websites use to identify repeat visitors.

"Users could manage the [Flash cookies] before, however, the experience was not exactly the most user-friendly," Adobe spokeswoman Wiebke Lips said via e-mail.

The new Flash cookie management option will work with the Firefox and Internet Explorer browsers. In the future, it will also be available to Chrome and Safari users, according to Adobe.

Although there are still plenty of privacy issues on the Web, Adobe's update is good news, said Seth Schoen, a senior staff technologist with the Electronic Frontier Foundation who has followed the Flash cookie problem. "I'm glad Adobe is addressing this in a comprehensive way," he said in an e-mail message. "It's a shame that it's taken such a long time, but it's good that it's finally happened."

Web surfers can also manage their Flash cookies through a new control panel, designed to give users a single place where they can make sure that Flash Player isn't doing anything it shouldn't. "With Flash Player 10.3, we have created a new native control panel for Windows, Macintosh and Linux desktops that will allow end-users to manage all of the Flash Player settings, including camera, microphone and Local Shared Objects," Adobe spokesman Peleus Uhley wrote in a blog posting.

The new Flash Player also includes a number of improvements designed to make it a better media player, along with security fixes for several critical bugs. Also new: Mac OS users will now get automatic software update notifications, just like their Windows counterparts. "In the past, Mac users often had trouble keeping up with Flash Player updates since the Mac OS and Flash Player ship schedules are not in sync," Uhley wrote in a blog post. "With this new feature, Flash Player will automatically check each week for new updates and notify the user when new updates are available."

The security updates, which affect all Flash platforms, are important. Flash has been used in a lot of online attacks over the past few years, and with this latest set of patches, Adobe said it's fixed a previously unknown flaw that had been leveraged in online attacks.

"There are reports of malware attempting to exploit one of the vulnerabilities, CVE-2011-0627, in the wild via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform," Adobe said in a note posted to its website. "However, to date, Adobe has not obtained a sample that successfully completes an attack."

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is

Join the CSO newsletter!

Error: Please check your email address.

Tags patchesMac OSapplicationssecurityAdobe Systemssoftwareoperating systems

More about Adobe SystemsElectronic Frontier FoundationExcelIDGLinuxMicrosoft

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Robert McMillan

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place