Usually it’s people like Steve Jobs knifing Adobe's Flash Player, but this time Adobe is on the other side, killing support for Microsoft’s aging desktop browser Internet Explorer 6.
Almost no one will be affected by Adobe’s decision to ditch Flash Player support for IE6. Just 7 percent of the world use IE6, mostly from China, except one key group in the West: enterprise desktop users running Windows XP machines.
Just 1.2 percent of Australians use IE6, but in that are tens of thousands of desktop users who work for Australia’s largest organisations - the Australian Taxation Office, Westpac and National Australia Bank to name a few - that have no choice but to use the clunky, tabless browser.
Those workers are tied to IE6 because of big, old enterprise applications from the likes of SAP and Oracle which have web front-ends that only run properly in IE6.
The same goes for workers in large US organisations. Secretary of State Hillary Clinton put an end to the US Department of State's ‘IE6 cage rage’, recently announcing it would deploy a second browser, Chrome, alongside IE6 for 100,00 desktops, to support parts of the web beyond legacy applications.
The version of Flash Player that Adobe will no longer support is legacy too.
“Since Flash Player 11 was first released in September 2011, we have continued to maintain Flash Player 10.3 with security updates for users who cannot update to the current version of Flash Player,” senior Adobe security engineer Peleus Uhley said.
"In support of Microsoft's initiative to get the world to drop Internet Explorer 6 and upgrade to a newer version of Internet Explorer for a safer browsing experience, Adobe will be dropping support for Internet Explorer 6 starting with today's release of Flash Player 10.3."
Uhley said, however, that Adobe "will not block the installation of newer versions of Flash Player 10.3 on systems running Internet Explorer 6".
Adobe tackles Flash zero days with stealth updates
Threats against Windows XP and above should also decline with Adobe’s introduction of updates by stealth, which Uhley compared to the way Google updates Chrome.
“The new background updater will provide a better experience for our customers, and it will allow us to more rapidly respond to zero-day attacks. This model for updating users is similar to the Google Chrome update experience, and Google has had great success with this approach,” he said.
It will be an important security move for Adobe, which acknowledges that nearly every piece of malware installs through an exploit kit that targets widely-used but outdated software.
That makes Adobe’s Flash Player a popular target to breach mostly Windows-based systems, but also socially engineer attacks against Mac OS X users.
“Attackers have been taking advantage of users trying to manually search for Flash Player updates by buying ads on search engines pretending to be legitimate Flash Player download sites.”
Adobe released its latest Flash update on Wednesday, version 11.2, recommending consumers check the “install updates automatically when available” field, which should stop people aimlessly wandering the web for the latest Flash update only to install malware.
Enterprise, which need more controlled updated processes, will be given an option to disable silent Flash updates.
“Organisations with managed environments do have the capability to disable the background updater feature through the Flash Player mms.cfg file,” Uhley said.
Copyright © iTnews.com.au . All rights reserved.
Issue: 333 | November 2014
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.