6 Replies Latest reply: Feb 9, 2013 1:50 AM by Magnus Lewan
Magnus Lewan Level 4 Level 4 (3,655 points)

This is mainly a paranoid question, but how do I know if a Flash installer is legitimate?

 

When I opened Safari today, I got prompted to update Flash. However, the window prompting the Flash update could have been launched from some open browser tab in Safari or another browser, couldn't it? So when I look at the window that prompts me to upgrade, what could I use as a sign to tell that this is a valid legitimate request to update?

 

As I am paranoid, I cancelled the update process and went to adobe.com and downloaded the update from there. In that way I at least know the origin of the file. However, surely that should not be necessary. Surely there is a way to recognise a legitimate update prompt?

  • 1. Re: How does one know if Flash is legitimate?
    Ralph Landry1 Level 7 Level 7 (32,445 points)

    As always, look at the URL and see if it looks right, has misspellings, etc.  Safest is always to do what you did and go to the company's site and download from there.

  • 2. Re: How does one know if Flash is legitimate?
    dominic23 Level 7 Level 7 (20,930 points)

    Take it from Apple. That is the only way if not updating from installed Adobe Flash/System Preferences.

     

     

    http://support.apple.com/kb/HT5655

     

     

    Best.

  • 3. Re: How does one know if Flash is legitimate?
    Magnus Lewan Level 4 Level 4 (3,655 points)

    The worrying thing is that I did not see any URL. I should have taken screenshots to double check, I know, but I'm pretty sure I did not. The prompt came out of nowhere.

     

    Besides, even if I look at a URL, it may superficially look legitimate, like this one I just made up:

     

    http://www.аⅾο  е.cοm

     

    And yet, in that URL, there is none of the letters a, d, o, b or e. I patched it together from different unicode letters that just look like latin. The URL does not go anywhere useful at all, and definitely not to adobe.com.

     

    For now, I think I will stick to being paranoid.

     

    Message was edited by: Magnus Lewan .

     

    Luckily Apple's discussion forum broke the display of the URL. In another context it may look legitimate though.

  • 4. Re: How does one know if Flash is legitimate?
    Klaus1 Level 8 Level 8 (44,485 points)

    Only EVER download Flash Player from Adobe's own website.

     

    Two bugs, one affecting Apple's Mac platform and another attacking Microsoft's Windows, exploit certain Flash player vulnerabilities to install malware onto users' systems, reports ArsTechnica. While users of other operating systems like Linux have yet to report attacks, Adobe's advisory notes the exploit affects all platforms.

     

    Designated as CVE-2013-0634, the first vulnerability targets the Safari and Firefox Web browsers running on OS X, and is also being used as a trojan to deploy Microsoft Word documents containing malware. For Mac users, the flaw affects Adobe Flash Player version 11.5.502.146 or earlier.

     

    The Adobe Flash patch can be found on the company's website, and users can visit this page to check if their software is the most curent 11.5.502.149 version.

  • 5. Re: How does one know if Flash is legitimate?
    Allan Jones Level 7 Level 7 (30,435 points)

    In System Preferences > Flash Player, I turn off Flash Player's ability to check for update:

     

    Screen shot 2013-02-08 at 4.53.08 PM.png

    That way, if any pop-ups say Flash needs updating, I know they are bogus.

     

    I manually check for updates about once a week.

     

    NOTE: Even with manual updating, the brain-dead Flash installer resets your Prefs to "Allow Adobe to install updates (recommended)." After every manual update, remember to desecelt that option in System Preferences.

  • 6. Re: How does one know if Flash is legitimate?
    Magnus Lewan Level 4 Level 4 (3,655 points)

    Allan Jones wrote:

     

    That way, if any pop-ups say Flash needs updating, I know they are bogus.

     

    I manually check for updates about once a week.

     

    NOTE: Even with manual updating, the brain-dead Flash installer resets your Prefs to "Allow Adobe to install updates (recommended)." After every manual update, remember to desecelt that option in System Preferences.

     

    On an emotional note, all this does not really make us love Flash, does it? I have disabled Flash completely in Firefox, which is my "main" browser, but every now and then, it just comes back, and I have to disable it again. I just have disabled it about ten times last year and not enabled it once. Whenever I have to use a site with Flash, I launch Chrome or Safari.

     

    Thank you everyone for your help.