Flash 10.1 introduces several new key features including video hardware acceleration (only available in Flash for Windows), better mobility support including smartphone and other Internet-devices support and additional option for media delivery. Users interested in installing the new Flash Player version should note that it is not the final release but a community preview which is mainly aimed at developers.

This public prerelease is an opportunity for developers to test and provide early feedback to Adobe on new features, enhancements, and compatibility with previously authored content. Consumers can try the beta release of Flash Player 10.1 to preview hardware acceleration of video on supported Windows PCs and x86-based netbooks. You can also help make Flash Player better by visiting all of your favorite sites, making sure they work the same or better than with the current player. We definitely want your feedback to help improve the final version, expected to ship in the first half of 2010.

Interested users can take a look at the announcement over at Adobe Labs, read the release notes or watch Flash Player 10 demonstrations online.

The second major release today is the release of Adobe Air 2.0 Beta which also comes with many enhancements over the current Adobe Air release. This includes a long list of features like the following:

* Support for the detection of mass storage devices.
* Advanced networking capabilities like secure sockets, UDP support, and the ability to listen on sockets.
* Support for native code integration.
* The ability to open a file with its default application.
* Multi-touch and gesture support.
* New APIs for access to raw microphone data.
* Webkit update with HTML5/CSS3 support.
* Global error handling.
* Improved cross-platform printing
* Improved security and support for enterprise and government standards.

Like Flash Player 10.1 Adobe Air 2 is a beta release that is not aimed at the general Internet community but at developers who want to test the new technology or adapt their products to make use of these new features and options. Those users can take a closer look at the release notes and the announcement of Adobe Air 2.0 which contains follow up links to get started.

Related posts

• Flash 10 Breaks Wordpress Flash File Uploader (3)
• Find the latest and best Adobe Air apps (2)
• Adobe Flash Player Clickjacking Vulnerability (1)
• Adobe Fixes Critical Shockwave Vulnerability (12)
• Adobe Air Mooflair Video Application (2)

First statistics are now in and they do look impressive. On a global scale more than 10 million Firefox users have clicked on the Flash update link posted on the What’s new page shown after Firefox updates in one week. The Mozilla developers have published a graph displaying the overall page traffic, the amount of Firefox users with and without the latest Flash version and the click through rate of those without.

The graph shows that about half of the users who accessed that page in the first week had an outdated version of the Adobe Flash player. Between 27% and 40% of these users clicked on the link that lead them to the Adobe page to update their Flash player. This does on the other hand mean that the majority did not click on the link to update Flash which indicates that there might be room for presentation improvements to get more users to click on that link.

Users who want to test their Flash version can head over to the Adobe website to do so.

Related posts

• Mozilla Checks Flash Version After Firefox Updates (14)
• Vulnerabilities in latest Flash version (4)
• New Information about latest Flash Vulnerability (1)
• Installing Firefox and Flash From Source (8)
• Delete Flash Cookies (15)

It is possible to use a program like Flash Forge to create screensavers instead of searching for and downloading them on the Internet. Flash Forge can turn Flash files, those with the swf extension, into screensavers with just a few mouse clicks.

The program will convert the flash file that is being supplied by the user into an executable that will install the screensaver when executed. The user has the option to add multiple files to the screensaver, e.g. to add multiple movies that are played after each other. The installation program can be compressed to reduce the size of it which is useful if web distribution or network distribution is an issue.

Actions after the installation can be defined to show a readme file, open the display properties or start the screensaver automatically. Many users might probably want to turn Flash videos that they have downloaded from Youtube or other video sites into screensavers. These files cannot be loaded into the program right away. Conversion services, like the free Media Convert, can turn the flv files into swf format so that they can be loaded into Flash Forge.

The output quality depends largely on the input file. The screensaver creator has been primarily designed with non-interactive content in mind (movies or images) and won’t work that well with interactive Flash files like games. Interested users can download Flash Forge from the developer’s website. It should be compatible with most versions of Microsoft Windows. It was tested on Windows XP.

Related posts

• Create Screensavers from Youtube Videos (7)
• Wikiquote Screensaver (1)
• Wikipedia Screensaver (7)
• Vulnerabilities in latest Flash version (4)
• Use Screensavers As Vista Wallpapers (8)

That’s where the Mozilla developers began thinking about solutions for this problem. They quickly came up with the solution to test the version of the Adobe Flash plugin after Firefox updates. Regular Firefox users know that Firefox will open a what’s new page after an update. This what’s new page will contain the Adobe Flash version check.

Firefox users with an outdated version of Adobe Flash will receive the notification that it is outdated. This information contains a link that is directly pointing to the latest version of Adobe Flash at the Adobe website. Hopes are that many users who are running an outdated version of Flash will visit the Adobe website after a Firefox update to download the latest version of Adobe Flash to install it on their computer system.

Users who want to try the Flash check right now can visit the upcoming what’s new page for Firefox 3.5.3.

Related posts

• Firefox 3.5.3 (11)
• Firefox 3.03 released (4)
• Web Browser: Firefox 3.0.8 (13)
• Web Browser: Firefox 3.0.7 (5)
• Mozilla Flash Upgrade Statistics (5)

To secure a computer system running Adobe Shockwave a user would therefor have to uninstall Adobe Shockwave, perform a system restart and install the latest version of Shockwave after the reboot.

The Security Bulletin that has been published at the Adobe website gives little information about the vulnerability other than it can be remotely exploited and that it only affects the Microsoft Windows operating system. Users are encouraged to download the latest version of Adobe Shockwave on the program’s website.

It should also be noted that this vulnerability targets only Adobe Shockwave and not Adobe Flash. Thanks goes to Dante for sending me the information per email.

Related posts

• Game for the Weekend 3 iSketch (2)
• Adobe Releases Flash 10.1 and Air 2.0 Previews (1)
• Adobe Flash Player Clickjacking Vulnerability (1)
• You’d be Stupid Not To… (31)
• You better stop using Internet Explorer for now (18)

The HP Security Laboratory has created the application SWF Scan which can be used by both developers and end users to analyse Adobe Flash files for more than 60 vulnerabilities. Usage is pretty simple and straightforward although interpretation of the findings might require a deeper understanding of Adobe Flash or extensive research on the Internet. The application works with both local Adobe Flash files or those embedded in websites.

Users will first have to find out the direct url to the embedded flash file on the website. All web browser provide those capabilities. Firefox users for instance right-click the page and select Page Info from the context menu to get a list of objects that are embedded in the website. A click on the Media tab and a manual search for files of the type embed should be enough to find the url of the Adobe Flash file. A right-click on the flash object will open a menu with the option to copy the url to the clipboard.

Once the url has been copied to the clipboard it can be pasted into the interface of the HP SWF Scan application. A click on the get button next to the url bar will initiate a connection attempt of the Adobe Flash security scanner. If the file is a valid Adobe Flash file it will automatically try to decompile it displaying the findings in the sidebar and the actual source in the right window.

A proficient Flash user can now analyze the code on his own. Everyone else is better of clicking on the Analyze button in the header of the security program. This will analyze the decompiled source code and provide a summary to the user.

The summary contains a list of vulnerabilities that have been found in the Adobe Flash file. This vulnerabilities mean that the Flash file might be vulnerable to certain exploits. Flash developers can then rewrite part of their application to fix the discovered vulnerabilities. End users on the other hand may be delighted to know that an Adobe Flash file does not contain any of the known vulnerabilities.

SWF Scan is a free download after a mandatory registration at the HP website. It is currently only available for the Microsoft Windows operating system.

Related posts

• Mozilla Checks Flash Version After Firefox Updates (14)
• Vulnerabilities in latest Flash version (4)
• New Information about latest Flash Vulnerability (1)
• Mozilla Flash Upgrade Statistics (5)
• HP USB Disk Storage Format Tool (5)

The reason why the Flash uploader in Wordpress was not working anymore was that Adobe disabled the feature to open a file dialog for security reasons in Flash 10 which broke the SWFUpload script Wordpress was using.

A ticket was opened and is currently discussed over at Wordpress and a fix is assigned to Milestone 2.7 of Wordpress which aims for a release in 1-2 weeks. The best solution so far for Wordpress webmasters who use the Flash based image uploader regularly is to keep using Flash 9 for now and update to Flash 10 once the fix comes out.

Related posts

• Wordpress: Your attempt to edit this post has failed (8)
• Wordpress 2.6.5 Security Update (0)
• Wordpress 2.5.1 released (1)
• Best Wordpress Plugins (10)
• Zoundry Raven portable Blog Editor (6)

Adobe published a temporary workaround to protect the computer system against this form of attack that users should apply until the release of a patch that would fix the critical issue.

To apply the workaround users should visit the Flash Player’s Settings Manager by following the link. There they should click on the Always Deny button which would prevent any website from accessing the microphone and webcam settings.

The new setting has to be confirmed in the popup that appears automatically after clicking on the Always deny button. The patch is said to be available before the end of October.

Related posts

• Vulnerabilities in latest Flash version (4)
• Flash Cookies explained (63)
• Adobe Releases Flash 10.1 and Air 2.0 Previews (1)
• Adobe Reader, Acrobat and Flash Player Zero Day Vulnerability (3)
• Adobe Fixes Critical Shockwave Vulnerability (12)

Research however has shown that the latest Adobe Flash version 9.0.124.0 is not vulnerable unless it’s the standalone version on Linux. That means that Windows (and Macintosh) users who have the latest Flash version installed are not vulnerable to the exploit and that Linux users should make sure that they are not running the standalone version of Adobe Flash. Windows users are only vulnerable if they are not running the latest version of Adobe Flash but version 9.0.115.0 of the application.

The latest version of Adobe Flash can be downloaded at the official website. The exploited vulnerability was fixed by Adobe on April, 8 2008 and a detailed report is available here.

Related posts

• Vulnerabilities in latest Flash version (4)
• Mozilla Flash Upgrade Statistics (5)
• Mozilla Checks Flash Version After Firefox Updates (14)
• Adobe Flash Security Scan (2)
• USB Flash Drive with Capacity Meter (3)

If the system meets the requirements the exploit is used to download and execute trojans that steal information and droppers that download additional trojans. Information that are stolen are for example World of Warcraft account information while the droppers download files that add the computer to a botnet. (according to Trendmicro)

Most antivirus companies have already updated their software to disable the possibility that this exploit can be used on the computer the software is running on. Your best bet if you do not use antivirus software is to either disable Flash for now or use an extension like NoScript to block Flash on every domain but trusted ones.

Related posts

• New Information about latest Flash Vulnerability (1)
• Mozilla Flash Upgrade Statistics (5)
• Mozilla Checks Flash Version After Firefox Updates (14)
• Adobe Flash Security Scan (2)
• Adobe Flash Player Clickjacking Vulnerability (1)