Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
PSI
PSI API
CSI
OSI
xSI
Vulnerabilities
Programs
Open Discussions
My Threads
Create Thread
Statistics
About

Forum Thread: Flash Player update for IE not reported

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
Timothy_J._McGowan Flash Player update for IE not reported
Member 20th Mar, 2011 14:05
Ranking: 4
Posts: 8
User Since: 18th Nov, 2010
System Score: N/A
Location: US
Another user has reported, and I have confirmed, that our Firefox Web browsers were up to date with Adobe Flash Player 10.2.152.32 but that our Internet Explorer 8 Web browsers were at 10.2.152.twenty-something. (Sorry; I didn't make a note of the version number.)

I ran a Secunia PSI scan of my system, and it found I was up to date, even though there was a new version of Adobe Flash Player available for Internet Explorer 8.

After updating Flash for IE, a subsequent scan with PSI still showed my system as up to date.

-- Timothy J. McGowan
Original discussion here, for what it's worth:
http://community.compuserve.com/ws-crforum/message...

Anthony Wells RE: Flash Player update for IE not reported
Expert Contributor 20th Mar, 2011 14:16
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A
Last edited on 20th Mar, 2011 14:36
Hello Timothy ,

This is a copy of my/an earlier reply to a similar/your problem :-

Quote :Whilst you wait for someone from CSI support to reply , you should know that the version ...26 is the latest "secure" version and that .....32 is/was a bug fix and so , as such , is not recognised as a required security patch/update by Secunia .

EDIT : you should note that there is a current O day exploit as described here :-

http://secunia.com/advisories/43751/

Unquote .

The latest exploit is shown in the "secure browsing" mode of the PSI as "no solution" .

This is the full thread , see last post from a Secunia Officialfor confirmation :-

http://secunia.com/community/forum/thread/show/786...

hope that helps .

Anthony

PS : excuse all the Edits .

PPS:((( This thread gives some extra info concerning version display :-

http://secunia.com/community/forum/thread/show/789...







--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
ddmarshall RE: Flash Player update for IE not reported
Dedicated Contributor 20th Mar, 2011 14:59
Score: 1208
Posts: 960
User Since: 8th Nov 2008
System Score: 98%
Location: UK
The last Security Update for Flash Player was http://www.adobe.com/support/security/bulletins/ap... which is 10.2.152.26.

A Security Update is scheduled for the week beginning 21 March 2011 http://www.adobe.com/support/security/advisories/a...

The PSI secure browsing tab shows Internet Explorer and Firefox as not secure for browsing. The embedded Flash Player in Chrome has already been updated and is secure in Chrome 10.0.648.134.

Mitigations availble: http://blogs.technet.com/b/srd/archive/2011/03/17/...

--
This answer is provided “as-is.” You bear the risk of using it.
Was this reply relevant?
+0
-0
Anthony Wells RE: Flash Player update for IE not reported
Expert Contributor 20th Mar, 2011 15:09
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello again Timothy ,

Confusion was reigning earlier , but has now abated . Thanks ddm for your precis .

Having read your linked discussion with Warren , the following may be relevant :-

The latest Adobe Flash installers contain their own uninstallers and you do not need to follow Warren's method which has been superseded ; with the caveat that you must stop/exit completely all programmes using the IE ActiveX version of Flash or the older .ocx file locks up and is not removed (even with Warren's Method) ..

If you use the latest version of the PSi (2.0.0.3001) you can let the "auto-update" facility load the "latest Secure" version for you "hands free" ; provided you don't mind a programme downloading/installinig stuff on your behalf .

FileHippo lets you find and download the very latest update versions of a wide range of programmes , if that is your choice ; it's programme checker is less extensive than that of the PSI :-

http://www.filehippo.com/

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+1
-0
Timothy_J._McGowan RE: Flash Player update for IE not reported
Member 20th Mar, 2011 18:58
Score: 4
Posts: 8
User Since: 18th Nov 2010
System Score: N/A
Location: US
Thanks, ddmarshall and Anthony:

I suspected there might be a difference between a security update versus a software update.

I sought and failed to discern any earlier discussion of this situation, and I apologize for what seems to have been a duplicate post.

ddmarshall:
>> The PSI secure browsing tab shows Internet Explorer and Firefox as not secure for browsing. <<

I've never seen that PSI as ever considered either browser to be secure for browsing, but I'll admit I stopped checking quite a long time ago, as simply keeping them up to date was the best I could ever do. A particular site I visit daily is not programmed to work in Chrome; if it were, I would probably be using Chrome exclusively, or at least extensively, by now.

Anthony:
Thanks for taking the time to read and comment here about the outside discussion to which I linked. I appreciate the mention of FileHippo. I'm more concerned about security than updates (although I value both), so I think in the interests of keeping this particular work laptop leaner and meaner, I'll personally skip FileHippo, but I'll pass on your recommendation for those who want such a utility.

I'm obviously a newbie here. I accept both your answers. Please remind me: Am I permitted to click Accept under each of your posts?
Was this reply relevant?
+0
-0
Anthony Wells RE: Flash Player update for IE not reported
Expert Contributor 20th Mar, 2011 19:10
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hello Timothy ,

Glad you are satisfied with the advice .

Re "secure browsing" , the module will show whether the browser itself is secure and additionally whether it has "insecure/no solution" add-ons , plug-ins , extensions or whatever ; thus there is more than one reason to check the module regularly as per Flash being Highly criiical level Cat5 in IE and Ff , while Chrome is already updated (as per ddm) .

You only get one "Accept" but as ddm and I don't care about voting and seldom do , you can leave Secunia to lock it for you . If we get a lot of tag-on posts and emailed thread updates , it's back yo you .

Take care

Anthony

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0
Timothy_J._McGowan RE: Flash Player update for IE not reported
Member 20th Mar, 2011 19:29
Score: 4
Posts: 8
User Since: 18th Nov 2010
System Score: N/A
Location: US
Thanks, Anthony.

(And yes, I'm pronouncing that AN-tuhn-nee in my head, even though I'm an American.)

I'll let Secunia close this thread on its own, then.

By the way, just for your information, your Nelson Mandela quote is missing an apostrophe, because in this sense, the word "it's" stands for two words: "it is." So you might want to update your quote to read: It always seems impossible until it's done.

-- Timothy J. McGowan
English nerd extra-bore-dinaire!
Was this reply relevant?
+0
-0
Anthony Wells RE: Flash Player update for IE not reported
Expert Contributor 20th Mar, 2011 19:41
Score: 2437
Posts: 3,324
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Big thanks to you , Timothy ; the AAAHHRRNNthuni does grate on my ears :(((

I copied/pasted (being lazy) the Mandela quote a long time ago and despite being very particular concerning punctuation , I have never noticed and you're the first to comment on what should be blindingly obvious to all . I'm almost inclined to leave it as is , but guess I'll update tomorrow :))

Take care

Me .

--


It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?
+0
-0

This thread has been marked as locked.


 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability