Archive for September 21st, 2010

Yesterday Adobe rushed out a security update (version 10.1.85.3), one week in advance on the announced schedule, patching a critical vulnerability that has being exploited in the wild for more than one week.

As usual, users of the latest stable Firefox version on Windows are plagued with an awful manual update process, involving the installation of a ridiculous "Adobe DLM (powered by getPlus(3))" extension (forcing an extra, useless, browser restart), whose only function seems to be displaying additional banners during the download.

Even worse, this time looks like Adobe made going through this process actually impossible, on my system at least, because of a mismatch between the DLM plugin version they automatically offer, i.e. getPlusPlus for Adobe 16290, and the version actually required for downloading the Flash update with their markup:

<embed type="application/getplusplusadobe16291"
pluginspage="http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.xpi"
service-url="http://get.adobe.com/flashplayer/webservices/dlm/"
return-page="http://get.adobe.com/flashplayer/completion/dlm/"
itemid="Flash_Player_10.1_for_Windows_-_Other_Browsers"
core-product="flashplayer" dlmbanner="on" language="" os="" height="1" width="1">

As you can see, the required version is 16291, rather than 16290.

Fortunately the actual direct download URL is not impossible to discover, for instance by dinamically replacing "16291" with "16290" with a bit of javascript: magic in the address bar and sniffing the network activity.

So, if you're stuck like me or you just don't want to install this getPlusPlus crap, you probably want to use this direct link :)

Bad Behavior has blocked 2419 access attempts in the last 7 days.