News

Adobe promises to keep patching Flash on mobile, doesn’t say for how long

Adobe has promised to support the soon-to-be-orphaned Flash Player plug-in for mobile browsers, but has not said how long it will continue to patch security bugs in the software.

Danny Winokur, the Adobe executive in charge of interactive development, recently said that the company would release one more version of Flash Player for Android and RIM’s PlayBook before calling it quits.

That last version, labeled 11.1, shipped on Friday.

Winokur, however, pledged that Adobe would keep patching some bugs in Flash Player.

“We will of course continue to provide critical bug fixes and security updates [emphasis added] for existing device configurations,” said Winokur.

His mention of “critical bug fixes” may not mean much, as Adobe typically rates all its Flash security updates as “critical” across the board.

Another Adobe manager repeated that promise.

“Adobe will continue to ship security updates for Flash Player mobile after the final feature release,” said Brad Arkin, the company’s senior director of product security and privacy.

But neither Winokur or Arkin spelled out how long Flash Player 11 security updates will be offered for smartphones and tablets. Adobe’s public relations staff also declined to comment on a support timeline.

That struck Andrew Storms, director of security operations at nCircle Security, as odd.

“Why would they not tell us?” Storms asked. “That’s to the detriment of everybody. If they make a date [for the end of support], that would get users off it sooner and force developers to get off Flash, too.”

Storms speculated that Adobe may not have yet decided, or that commitments — such as to one or more mobile service providers — may have tied their hands.

Adobe’s support policies aren’t any help in calculating Flash Player’s remaining time because unlike Microsoft, which hews to a time-oriented support lifecycle — five years for consumer products, ten for enterprise software — Adobe does not. Instead, the company promises to support only the current major version and the one before that.

However, some times Adobe pulls the trigger early “as a result of changing market conditions and impact to customers,” according to its website . Last February, for example, Adobe retired Flash Player 9 even though Flash Player 11 had not shipped, citing the former’s five-year run and its paltry 2% market share at the time.

Adobe’s handling of Shockwave Player may be a better clue: Although Shockwave Player 11 was introduced in March 2008, Adobe is still pushing patches to users.

Ironically, Adobe did patch Flash Player Thursday, releasing 11.1 for not only Android but also desktop browsers on Windows, Mac OS X and Linux.

The update fixed 12 flaws, all considered critical , most of them memory corruption vulnerabilities. Yesterday’s update was the ninth this year for Flash Player, nearly double the number Adobe released in all of 2010.

Users running desktop browsers other than Chrome — Google also updated its browser, which includes Flash Player, — can download the patched version from Adobe’s site, the company said. While Android users can obtain Flash Player 11.1 from the Android Market, it was reported.

Previous ArticleNext Article

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

GET TAHAWULTECH.COM IN YOUR INBOX

The free newsletter covering the top industry headlines