Posted on 07-17-2012 10:40 AM
So, more of an FYI, but I found that if you drag the pkg out of the Adobe Flash Player installer and use that as your install package for Flash Player, you're going to be missing a component of the self-updater system.
To some folks, this may be fine, but others (like us) may want Adobe pushing those updates as 10.7.4 will disable the Flash plugin if it detects that it's out of date.
The difference? The Adobe package also installs /Applications/Utilities/Adobe Flash Player Install Manager.app
Unfortunately, there's no version on the app so it makes it a bit more difficult to keep this component up to date. It may make sense to take an MD5 hash of it (it's only 554k) as an extension attribute and if it no longer matches, you know you need to update it as part of your Flash plugin update process.
Posted on 07-17-2012 10:50 AM
Doesn't look like Adobe has included a short version string for Adobe Flash Player Install Manager.app, which would appear in the Finder's Get Info window, but it does include a bundle version.
defaults read /Applications/Utilities/Adobe Flash Player Install Manager.app/Contents/Info.plist CFBundleVersion
Mine is currently at "11.3.300.257".
Posted on 07-17-2012 10:54 AM
Ah okay cool. I also found that to update the plugin through their updater mechanism you still need admin rights. I thought they may do something elegant like have a Daemon that will do it on the user's behalf once it was installed the first time (with admin rights - or Casper, for instance) but no. That would have allowed totally silent updates of the plugin but no, not that elegant.
Looks like I'll still forever be pushing Flash updates :/
EDIT: My coworker just pointed out, "If they came up with such an elegant updating solution, maybe their products would be more secure in the first place." hahaha
Posted on 07-17-2012 11:02 AM
From Apple support req I put in -
"Product Engineering has stated that this is a one-time disabling of Flash 10.1.102.64 and below. It is not an ongoing feature.
If your current version of Flash is newer than 10.1.102.64, then you can install Safari 5.1.7, assuming that it passes your compatibility tests."
In my experience, Safari isn't actively disabling flash as long as it's newer than that version (at least so far).
Posted on 07-17-2012 11:02 AM
just install chrome and get auto-updates for both the browser and flash plugin. done and done. then stop supporting standalone flash…
Posted on 07-17-2012 11:09 AM
Of all my Macs that I'm managing I've installed Flash on less than two or three. I'm lucky that my users don't have a demand for it.
I did find that an internal developer was actually writing something in Silverlight for an internal website. Fortunately, I didn't exclude it when installing Office.
Our Windows brethren are installing both Flash and Silverlight plus Shockwave as part of their standard build. I guess they determined the hassle of Help Desk calls from users outweighed the hassle patching these technologies.
Posted on 07-17-2012 11:24 AM
just install chrome and get auto-updates for both the browser and flash plugin. done and done. then stop supporting standalone flash…
And you thought getting where I'm at to flip browsers would be easier than where you're at? ha! :) I'd love to...
Our Windows brethren are installing both Flash and Silverlight plus Shockwave as part of their standard build. I guess they determined the hassle of Help Desk calls from users outweighed the hassle patching these technologies.
Yeah I am on the fence of just yanking it from the standard build and keeping it in Self Service. It would at least lower the exposure.
Posted on 07-17-2012 11:47 AM
that's why i mostly automated the process of packaging flash and other moving targets. if the organization insists on supporting consistently problematic/crappy software, the least you can do to preserve your sanity is to automate away the work.
Posted on 07-17-2012 06:11 PM
@jarednichols
Yeah I am on the fence of just yanking it from the standard build and keeping it in Self Service. It would at least lower the exposure.
Would be great to find a wrapper PKG that the full Flash installer can be put in, so it can be pushed without stripping it down and losing that functionality. This way it can be hosted in Self Service...hmm...calling Greg Neagle... :)
Posted on 07-18-2012 05:09 AM
I think what you could do is just package the Adobe Flash Player Install Manager.app separately and it'll work. I'm curious about the system Nate's using...
Posted on 07-18-2012 05:21 AM
Thanks for the info on that. I had seen the Flash Player Install Manager app in Utilities, but didn't correlate that it got installed with the 11.3.300 rev of Flash. Makes sense though.
I suppose in the short term, we could package up just that single app and push it alongside the pkg extracted from the full installer in one policy. Since we're not limited to a single installer in a policy.
Posted on 07-18-2012 09:28 AM
@jared no magic here. i've posted the link to my luggage makefile before. it's not fully automated mostly because of all the manual clicky-clicky work required to get the payload into casper admin.
i'll update the makefile to accommodate the updater app. i haven't needed (or been asked) to distribute that yet, but it's easy enough to do. just roll it up, yo.
Posted on 07-18-2012 10:04 AM
Ah okay. Thought that's what you were on about. The Luggage is on my list of things to R&D.
Posted on 07-18-2012 08:44 PM
Silent installer uses a LaunchDaemon (com.adobe.fpaud.plist) which calls;
/Library/Application Support/Adobe/Flash Player Install Manager/fpsaud
(hourly) binary to check for updates and installs it silently.
I think this happens only if you logged in as an admin to the computer.
P.S: Also found that silent auto updater will install "Adobe Flash Player Installer Manager.app" automatically next time it updates.