The auto-updater is only provided for Windows systems in Flash 11.2. Windows users who install Flash Player 11.2 or later will see the following prompt after the successful installation.

It reads:

Security updates and enhancements are periodically released for Adobe Flash Player that can be downloaded and installed automatically.

Choose your update method:

• Install updates automatically when possible (recommended)
• Notify me when updates are available
• Never check for updates (not recommended)

The first option checks for and installs Flash Player versions automatically on the operating system. Depending on the Flash version installed, this may include one (Internet Explorer version or other browser version) or even both versions if both are installed on the system.

The second option will perform the same checks for new versions. Instead of installing new versions automatically it will inform the user instead.

Flash Player will check for updates once per hour if the first or second option are selected. Adobe notes that users need to restart their web browser after an update has been installed to use the new version of Flash Player in the web browser.

The latest version of Adobe Flash Player 11.2 is available on the Adobe Labs download page. The installer is provided for all 32-bit and 64-bit operating systems that support Adobe Flash. The very same page offer downloads for the Flash Player uninstaller for 32-bit and 64-bit systems to uninstall the test version from the system again.

The update checks for new Flash versions are added as a Windows task so that no update program is running all the time on the computer system. It is likely that this new security feature will decrease the number of successful Flash player based attacks on Windows significantly. (via)

Basically, both Flash Player and Adobe Reader / Acrobat are affected by the security vulnerability. According to Adobe’s security bulletin, the issue is actively exploited against Adobe Reader and Acrobat on Windows.

Adobe is currently working on patches and aims to release the Flash Player patch on November 9, 2010 and the Adobe Reader / Acrobat patch on November 15, 2010. That’s puzzling considering that the company has admitted that the issue is actively exploited against Adobe Reader and Acrobat.

Mitigations were posted to protect the computer system.

Deleting, renaming, or removing access to the authplay.dll file that ships with Adobe Reader and Acrobat 9.x mitigates the threat for those products, but users will experience a non-exploitable crash or error message when opening a PDF file that contains Flash (SWF) content. The authplay.dll that ships with Adobe Reader and Acrobat 9.x for Windows is typically located at C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll for Adobe Reader or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll for Acrobat.

No mitigating factors were offered for the Flash vulnerability. The only ones that are known to work are to either disable Adobe Flash in the browser, or to use a flash blocking script such as NoScript for Firefox.

The Register has additional information about the pdf exploit. According to their information, attackers “install a nasty trojan known as Wisp, which according to Microsoft, steals sensitive user data and installs a backdoor on compromised systems.”

With patches as far away as two weeks, it is recommended to disable authplay.dll in Adobe Reader or Acrobat, and disable or block the Flash plugin in the web browser to protect the computer system against these attacks.

The HP Security Laboratory has created the application SWF Scan which can be used by both developers and end users to analyse Adobe Flash files for more than 60 vulnerabilities. Usage is pretty simple and straightforward although interpretation of the findings might require a deeper understanding of Adobe Flash or extensive research on the Internet. The application works with both local Adobe Flash files or those embedded in websites.

Users will first have to find out the direct url to the embedded flash file on the website. All web browser provide those capabilities. Firefox users for instance right-click the page and select Page Info from the context menu to get a list of objects that are embedded in the website. A click on the Media tab and a manual search for files of the type embed should be enough to find the url of the Adobe Flash file. A right-click on the flash object will open a menu with the option to copy the url to the clipboard.

Once the url has been copied to the clipboard it can be pasted into the interface of the HP SWF Scan application. A click on the get button next to the url bar will initiate a connection attempt of the Adobe Flash security scanner. If the file is a valid Adobe Flash file it will automatically try to decompile it displaying the findings in the sidebar and the actual source in the right window.

A proficient Flash user can now analyze the code on his own. Everyone else is better of clicking on the Analyze button in the header of the security program. This will analyze the decompiled source code and provide a summary to the user.

The summary contains a list of vulnerabilities that have been found in the Adobe Flash file. This vulnerabilities mean that the Flash file might be vulnerable to certain exploits. Flash developers can then rewrite part of their application to fix the discovered vulnerabilities. End users on the other hand may be delighted to know that an Adobe Flash file does not contain any of the known vulnerabilities.

SWF Scan is a free download after a mandatory registration at the HP website. It is currently only available for the Microsoft Windows operating system.