Uitgavegeschiedenis Flash Player

In navolging van Microsoft heeft Adobe een maandelijkse patch tuesday (pleister dinsdag) ingesteld voor zijn Flash Player. Op deze dag verschijnen elke maand beveiligingsupdates voor de veelgebruikte Flash-plugin.

Gisteren is Flash 13.0.0.182 uitgebracht. In deze maandelijkse beveiligingsupdate worden vier kritieke lekken verholpen. Een daarvan werd geopenbaard door Vupen op de Pwn2Own hacker-wedstrijd vorige maand. Een ander Pwn2Own-lek lijkt nog niet gerepareerd te zijn in deze uitgave.

Behalve het dichten van lekken brengt Flash 13 ook enkele verbeteringen op het gebied van 3D-weergave en anti-aliasing. Ten slotte worden veel fouten opgelost in met name de Windows 8/8.1 versie van Flash.

Op deze pagina kun je - voor elke browser - controleren welke versie van de plugin je hebt.

Flash Player kun je los downloaden voor Internet Explorer (onder Windows XP, Vista of 7), Safari voor Mac en Firefox en Opera voor Windows, Mac of Linux. Ook kun je updaten via de automatische updater. Flash wordt standaard meegeleverd - en automatisch bijgewerkt - in Google Chrome. Voor Internet Explorer onder Windows 8 en 8.1 wordt Flash geactualiseerd via Windows Update.

Let op! Haal op de website van Flash het vinkje weg bij McAfee Security Scan Plus, Google Chrome of andere optionele software en klik op Nu installeren

Release notes:
These updates resolve a use-after-free vulnerability that could result in arbitrary code execution (CVE-2014-0506).

These updates resolve a buffer overflow vulnerability that could result in arbitrary code execution (CVE-2014-0507).

These updates resolve a security bypass vulnerability that could lead to information disclosure (CVE-2014-0508).

These updates resolve a cross-site-scripting vulnerability (CVE-2014-0509).

New Features for Flash Player 13:

• Enhanced Supplementary Character Support for TextField
  Characters from the Basic Multilingual Plane (BMP) with Unicode code points between U+10000 and U+10FFFF now work correctly in TextField controls.  This change greatly enlarges the code point range we support, and now includes characters like emoticons and complex CCJK characters.
• New Stage3D Texture Wrapping Modes
  Developers can currently set the wrapping mode of a texture to either clamp or repeat.  Using the repeat option will repeat the texture on both the U and V axis.  However, in some use cases, you may only want to repeat the texture on either the u or v axis.

  This is now possible with the introduction of two new parameters:  REPEAT_U_CLAMP_V and CLAMP_U_REPEAT_V

• Stage3D Anti-Aliasing for Texture Rendering
  Anti-Aliasing is a useful for improving perceived image quality.  Hardware based Multisampling Anti-Aliasing (MSAA) is now available on all desktop platforms.  To enable MSAA, set the level from 0 to 4 using the antiAlias property of the Context3D.setRenderToTexture() method.

  0 = 1 subsample, no antialiasing
  1 = 2 subsamples, minimum quality antialiasing
  2 = 4 subsamples, medium quality antialiasing
  3 = 8 subsamples, high quality antialiasing
  4 = 16 subsamples, maximum quality antialiasing

• Relocated Full Screen Video Warning to Top of Screen
  We've made a small tweak to the "Press Esc to exit full screen mode" warning that is displayed for full screen video.  We've received feedback from developers and users that the dialog obscures content.  We wanted to make a change that both satisfies security concerns and customer viewing enjoyment.  To reduce the impact of the dialog on the on-screen content, we've moved the dialog to the top of the screen.

Notable Fixes and Enhancements:

• 3620987 : TextBlock.findPreviousAtomBoundary incorrect after TextElement.replaceText when discretionary hyphens are used
• 3683154 : Cannot get a get swf file to play in Chrome browser
• 3683745 : API documentation says Event.PASTE says bubbles == false, but it is true in Flash Player
• 3690516 : TextField scrolls when it shouldn't, because it's including/considering trailing non-zero "leading" value
• 3693856 : [windows 8.1]PrintJob start() method is still crashed
• 3702884 : Flash 13 Beta: ActiveX invalidation no longer functions
• 3703799 : New version 12.0.0.44 doesn't fully install and failure to install blocks all media playing capability
• 3717098 : Exclude Windows 8.x from CUPT & SCUP catalog for ActiveX installation
• 3058752 : The 'Press ESC to exit full screen' dialog has been moved to the top of the screen for non stage video
• 3617020 : Addresses an issue where Flash Player was polling GamePad before the GamePad API was invoked
• 3683154 : [Chrome] sciencenetlinks.com - Resolves an issue where content would not load completely in rare instances where a PPAPI getDownloadProgress event was not received
• 3679210 : Resolved an issue where TextBlock.findPreviousAtomBoundary would return an incorrect value if it was called after TextElement.replaceText when discretionary hyphens were used
• 3679537 : [OS X 10.9] Flash Player's native control panel can now be launched through the right-click context menu as expected. [Requires OS X 10.9.1 (13B40) or higher]
• 3680211 : Resolves an issue where Flash Player would stop rendering when embedded in a page that also contains WebGL Canvas element and was forced to fall back to software rendering.
• 3679556 : [Win8.1] starwars.com - Full Screen content now renders in Full-Screen mode
• 3685541 : [Win8.1] Flash Player now handles IVS characters and surrogate pairs correctly in TextFields.
• 3697077 : [Win8.1] nba.com - Video controls are now correctly displayed in Full-Screen Mode
• 3685519 : [Win8.x] Pressing the Menu key on the software keyboard now correctly triggers the right-click context menu when in Modern mode.
• 3689360 : [Win8.x] Yahoo Messenger - The logo is now displayed correctly, instead of a black rectangle.
• 3702323 : Resolves a intermittent hang encountered when playing Encrypted HLS content
• 3652266 : Resolves performance and reliability issues encountered when scrubbing FLV videos produced by Flash Professional
• 3710237 : [HTTP Live Streaming] - Resolves a slow memory leak.
• 3699038 : [HTTP Live Streaming] - When switching from an Audio/Video stream to an Audio-Only stream, audio now stays in sync with main content
• 3697077 : [Win 8.1] - Video controls now display correctly in Full-Screen mode on www.nba.com
• 3703367 : [Win 8.x] - Resolves an issue where videos in Full-Screen mode were cut off when the zoom setting was greater than 100% on cnn.com
• 3685522 : [Win 8.x RT] - Corrects graphics rendering corruption in Cityville when placing new buildings
• 3698459 : [Win 8.x] - Local video playback will now start automatically when PlayTo is disconnected during playback
• 3698456 : [Win 8.x] - PlayTo will now start in the correct location when switching between the Digital Media Renderer and the local PC
• 3714236 : Chrome Mac][HTTP Live Streaming] Resolves an issue where enabling the ABR switch caused flickering
• 3712302 : [Safari 7] ProductManager.isAllowed() now returns the correct value
• 3711206 : [HTTP Live Streaming] Switching from an Audio-only stream to an Audio/Video stream now works as expected
• 3696436 : Users can be upgraded to vulnerable beta builds (windows only)
  Installing a release build over a beta build, or vice versa,without first uninstalling Flash Player is now prohibited.  Attempting to install a release build over a beta build (and vice versa) without first uninstalling will result in an error dialog and error 1161 reported in the log file.  Downgrading beta builds is now prohibited without first uninstalling Flash Player, using the latest beta uninstaller.  Attempting to downgrade the beta Flash Player will results in an error dialog and error 1162 reported in the log file.

Adobe heeft een tusentijdse beveiligingsupdate uitgebracht voor Flash Player. Flash 12.0.0.70 repareert drie ernstige lekken in de populaire browser-plugin, waaronder een zero-day lek dat al door internet criminelen misbruikt wordt. Snel updaten is dus het devies.

Twee van de lekken zijn ontdekt door het Chineze beveiligingsbedrijf Venustech. Het zero-day lek dat al uitgebuit wordt is gevonden door het Google Security Team en de beveiligingsonderzoekers van FireEye (die vorige week ook het zero-day lek in Internet Explorer ontdekt hebben).

Op deze pagina kun je - voor elke browser - controleren welke versie van de plugin je hebt.

Flash Player kun je los downloaden voor Internet Explorer (onder Windows XP, Vista of 7), Safari voor Mac en Firefox en Opera voor Windows, Mac of Linux. Ook kun je updaten via de automatische updater. Flash wordt standaard meegeleverd - en automatisch bijgewerkt - in Google Chrome. Voor Internet Explorer onder Windows 8 en 8.1 wordt Flash geactualiseerd via Windows Update.

Let op! Haal op de website van Flash het vinkje weg bij McAfee Security Scan Plus, Google Chrome of andere optionele software en klik op Nu installeren

Flash Player 12 is uitgebracht door producent Adobe. Dit is een beveiligingsupdate voor de populaire browser-plugin, die twee ernstige lekken oplost.

Ook wordt Internet Explorer 11 onder Windows 7 nu officieel ondersteund door Flash. Dit zou moeten betekenen dat diverse problemen met Flash in Internet Explorer 11 onder Windows 7 worden opgelost. Of ook de klachten van veel IE11-gebruikers over crashes en onterechte updatemeldingen van Flash hiermee aangepakt zijn is onduidelijk, maar als het goed is zullen ze dus gerepareerd worden.

In Flash 12.0.0.38 worden verder nog diverse fouten opgelost. Details kun je hieronder nalezen. Op deze pagina kun je - voor elke browser - controleren welke versie van de plugin je hebt.

Flash Player kun je los downloaden voor Internet Explorer (onder Windows XP, Vista of 7), Safari voor Mac en Firefox en Opera voor Windows, Mac of Linux. Ook kun je updaten via de automatische updater. Flash wordt standaard meegeleverd - en automatisch bijgewerkt - in Google Chrome. Voor Internet Explorer onder Windows 8 en 8.1 wordt Flash geactualiseerd via Windows Update.

Let op! Haal op de website van Flash het vinkje weg bij McAfee Security Scan Plus, Google Chrome of andere optionele software en klik op Nu installeren

• Internet Explorer 11 on Windows 7 Support

• Mac .pkg Installation Support

• Graphics: Buffer Usage flag for Stage3D

• Stage3D Creation of Context3D with Profile Arra

• [3629735] [Chrome x64] XPS Printing produces blank documents
• [3633845] [Win8.x] YouTube videos don't always resume when tapping inside the video in desktop IE
• [3637507] [Win8.1 Pepper] Camera is listed twice in the setting ui panel with Chrome
• [3638403][Mac] Extra characters render when pressing the shortcuts CMD+C, CMD+X, CMD+A, and CMD+V in Stage Web View.
• [3638538] [Win7][IE 11 - Instaback] Video continues to play for a few seconds after navigating away from page
• [3646580] [Win8.1] edit control does not handle IVS characters or surrogate pairs such as emoticons correctly
• [3641030][Mac] flash.media.scanHardware() does not work on NPAPI Flash Player
• [3649243] [Win8.x] ARM devices: YouTube controls disappear when when exiting fullscreen by invoking app bar
• [3649329] PlayTo stops in the middle when network connection is not stable
• [3652092][Win8.x] unable to upload multiple images in file-browse dialog
• [3656409] some menu controls are not refreshing when clicking controls and inputting text
• [3655274] Fullscreen (with sourceRect) doesn't work correctly in Pepper version
• [3659511][Win8.1][IE11] drawToBitmapData fails to draw correctly when using constrain mode
• [3659511] on some graphics cards, Stage3d works in software mode, instead of GPU
• [3664207] Audio continues to be heard when video is fast forwarded after a rewind operation
• [3657240] wrong value is momentarily returned after trickPlay is ended using a pause
• [3660676] KingsRoad Stage3D performance impacted on low-end laptops running Chrome with PPAPI player
• [3673798] white/black background displays in CC mode
  

Flash Player 11.9.900.152 is een beveiligingsupdate die vandaag is verschenen. Dit is de reguliere maandelijkse update voor de browser-plugin, waarin twee geheugenlekken dichtgeplakt worden die tot het uitvoeren van schadelijke code kunnen leiden.

Verder verhelpt deze uitgave van Flash diverse problemen onder Windows 8 en 8.1, zoals het activeren van de popup blokkeerder in Internet Explorer bij het bekijken van ingebedde YouTube filmpjes. Ook is het geluid bij de Logitech surround sound headset weer in stereo en zijn onvolkomenheden met HTTP Live Streaming gerepareerd.

Op deze pagina kun je - voor elke browser - controleren welke versie van de plugin je hebt.

Flash Player 11.9.900.152 kun je los downloaden voor Internet Explorer (onder Windows XP, Vista of 7), Safari voor Mac en Firefox en Opera voor Windows, Mac of Linux. Ook kun je updaten via de automatische updater. Flash wordt standaard meegeleverd - en automatisch bijgewerkt - in Google Chrome. Voor Internet Explorer onder Windows 8 en 8.1 wordt Flash geactualiseerd via Windows Update.

Let op! Haal op de website van Flash het vinkje weg bij McAfee Security Scan Plus, Google Chrome of andere optionele software en klik op Nu installeren

Uitgave opmerkingen:

• [3650590] [OSX] - App Updater Crashes on MacOS with Air 3.9
  
• [3648442] [iOS7] - Leftmost part of the text in spark TextArea and stageText get clipped when mulitline property is true.
  
• [3640207] [Android] [Captive Application] - orientationChange event handler fetches wrong stage.orientation values.
  
• [3624280] Sound now plays correctly in both channels on the Logitech G35/G930 Surround Sound headset
• [3648273] [EaseScreen] - Corrects redraw issue affecting applications that embed the ActiveX control, introduced in Flash Player 11.9.900.92
• [3646576] [Win 8.x] - Full-Screen Flash video now rescales correctly when switching between Portrait and Landscape modes multiple times
• [3646574] [Win 8.x] - Clicking on an embedded "Watch on Youtube" link no longer triggers the Internet Explorer pop-up blocker
• [3646574] [Win 8.1] - FileReference - Filtering by supported filetype now works as expected
• [3632276] [HTTP Live Streaming] - Apple segmented playlists containing i-frames no longer cause streams to pause in Trickplay mode
• [3631874] [Mac] - Content using enhanced license chaining now works as expected