In association with heise online

15 June 2010, 15:41

Flash Player 10 for 64-bit Linux vanishes, leaving some users exposed

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe's recent update for Flash Player also saw the withdrawal of the native 64-bit Linux Flash Player, which had been available on the Adobe Labs website. Adobe say this is a temporary closure of the Labs program for the native 64-bit Linux version while the company makes "significant architectural changes" and adds "security enhancements" to the player. To date, Linux is the only platform that has seen a 64-bit implementation of Flash Player, even as a pre-release. The withdrawal may be related to the rapid release of Flash Player 10.1 for other platforms, which closed 32 security holes, in response to a zero-day vulnerability in Adobe Flash Player, Reader and Acrobat.

On many 64-bit Linux platforms, the lack of a supported native 64-bit plug-in means these systems are shipped with the 32 bit version, using wrapper code to bridge the gap between the two versions. For those users, the 32-bit Flash Player 10.1 update will work and has already appeared in the update repositories of Ubuntu and other distributions. But where users have installed the native 64-bit Linux Flash Player, they will find themselves stuck on a 10.0 release of the player.

Adobe recommended that users upgrade to 10.1 to close the hole, but it appears that an updated version of the pre-release 64-bit Linux version was not ready and rather than leave a vulnerable version online, Adobe withdrew it.

This does mean that users with the previous releases of the native 64-bit Linux Flash Player could be vulnerable to any of the 32 holes fixed in 10.1. As the native 64-bit Linux Flash Player was an unsupported and pre-release Labs product, Adobe has not released a related security advisory. The H therefore advises that 64-bit Linux users check for the native 64-bit version and if installed, uninstall it and replace it with a version from your Linux distributions repository.

To check what version of Flash Player is installed, run Firefox and enter the URL "about:plugins". If "libflashplayer.so" is displayed as below, the unsupported and now vulnerable 64-bit plug-in is installed:


Zoom Vulnerable pre-release native 64-bit Flash Player installed

Otherwise, if "npwrapper.libflashplayer.so" is displayed as below, then you are running the stock 32-bit version of the player and should be on the latest version.


Zoom Latest patched version of the supported 32-bit Flash Player installed

(djwm)

Print Version | Send by email | Permalink: http://h-online.com/-1023025
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit