I’m renaming this blog to managingflash.wordpress.com

Managing Flash is even worse than it first appears.

Recent Safari updates now disable older versions of the Flash plugin. It wasn’t clear how “old” a version had to be to be disabled. Today I got an unwelcome surprise.

Most of our managed machines have Flash Player version installed. I was aware that version was available, but due to the issues here, I had not yet widely deployed it.

Today Adobe released Flash Player 11.4.402.265, and we started getting calls that Safari was blocking the Flash Plugin as out of date. Most of our users do not have admin rights, so we needed to fix it for them. I imported the Adobe Flash Player.pkg from the installer into Munki and tested an install on one machine. Flash was no longer blocked.

So I still don’t know exactly how old the Flash Player must be before Safari blocks it, but now we have to be even more proactive in keeping Flash up to date in our organizations.

All the more reason to hope that the issues with the auto-update feature have been addressed with the 11.4 release. The release notes are silent on this issue. More testing needed, apparently!

I’m renaming this blog to managingflash.wordpress.com

7 thoughts on “I’m renaming this blog to managingflash.wordpress.com

  1. That sounds like a great name! I’ve got a simple setup of Munki in my school (just Apple’s updates) and I’m considering running my own repository for things like Flash/MS Office updates etc. By the sounds of it, that isn’t so easy any more!

  2. Hey Greg,

    Why not just use Apple’s PackageMaker to snap shot the before and after changes and use a regular PKG installer? That’s what I’ve been doing and so far it seems to work well.

    1. I don’t want to do _any_ extra work. I want Adobe to ship Flash Player in Apple package format. But if I *do* have to do extra work, it seems like it would make sense to try to use Adobe’s supported installation method, if possible.

  3. While I completely agree with you, the reality is that Adobe is the M$FT of creative publishing (a monopolist) which makes them a very sloppy vendor. Although it’s annoying, using PackageMaker to repackage Flash only takes about 2 minutes and it’s about the only way to distribute Flash reliably. I also have to use PackageMaker to repackage M$FT’s Office 2011 updates. M$FT’s normal installers, like Flash, are shit.

  4. Tim Sutton says:

    Found the culprit here:


    Today mine looks like:

    Thu, 30 Aug 2012 02:11:27 GMT


    com.macromedia.Flash Player.plugin





    From the strings in /usr/libexec/XProtectUpdater, it fetches a plist from http://configuration.apple.com/configurations/macosx/xprotect/2/clientConfiguration.plist, which contains a ‘meta’ dict that matches the one on disk. The rest is all malware data identifiers.

Comments are closed.