4 Replies Latest reply: Sep 10, 2013 9:43 AM by Klaus1
violapalmer Level 1 Level 1 (0 points)

I got a message to update Flash Player and to download installation from the internet. Is this safe? I remember reading about Flash Player being a security risk a while ago.


iMac, OS X Mountain Lion (10.8.4)
  • 1. Re: Is Flash Player a security risk?
    John Galt Level 8 Level 8 (36,395 points)

    Flash Player may be a resource hog but it is not in itself a security risk. What you recall reading about was a Java exploit, since fixed, that used an installer that fraudulently represented itself as a Flash Player installer. It was known as the "flashback" Trojan that caused Safari to unexpectedly quit, among other annoyances. The fraudulent prompt to download and install that Trojan was generally encountered on what can charitably be called dubious websites.

     

    If you must use Flash Player download its installer directly from Adobe. This is the legitimate link:

     

    http://get.adobe.com/flashplayer/

     

    Disregard any other prompts you receive and download it from Adobe by navigating to the above link yourself.

     

    Keep your system up to date with updates from Apple.

  • 2. Re: Is Flash Player a security risk?
    Klaus1 Level 8 Level 8 (44,495 points)

    Two bugs, one affecting Apple's Mac platform and another attacking Microsoft's Windows, exploit certain Flash player vulnerabilities to install malware onto users' systems, reports ArsTechnica. While users of other operating systems like Linux have yet to report attacks, Adobe's advisory notes the exploit affects all platforms.

     

    Designated as CVE-2013-0634, the first vulnerability targets the Safari and Firefox Web browsers running on OS X, and is also being used as a trojan to deploy Microsoft Word documents containing malware. For Mac users, the flaw affects Adobe Flash Player version 11.5.502.146 or earlier.

     

    On March 1, 2013 Apple again blocked Flash Player for Lion and Mountain Lion:

    http://support.apple.com/kb/HT5660

     

    The Adobe Flash patch can be found on Adobe’s website, and users can visit this page to check if their software is the most curent version.

     

    You should uninstall any previous version first, and repair permissions after installing the new version.

     

    If you still get a ‘plug-ins blocked’ message:

     

    http://support.apple.com/kb/HT5271

  • 3. Re: Is Flash Player a security risk?
    Jp Cooper Level 1 Level 1 (35 points)

    Klaus1 wrote:

     

     

    On March 1, 2013 Apple again blocked Flash Player for Lion and Mountain Lion:

    http://support.apple.com/kb/HT5660

    To clarify KLAUS1's post - The above link is for a security risk to JAVA -- NOT FLASH PLAYER.

  • 4. Re: Is Flash Player a security risk?
    Klaus1 Level 8 Level 8 (44,495 points)

    What has that older Java announcement to do with the Flash Player problem being discussed here?