Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: violapalmer
violapalmer Author
User level: Level 1
12 points

Is Flash Player a security risk?

I got a message to update Flash Player and to download installation from the internet. Is this safe? I remember reading about Flash Player being a security risk a while ago.

iMac, OS X Mountain Lion (10.8.4)

Posted on Jul 16, 2013 10:19 AM

Reply
Question marked as Best reply
User profile for user: John Galt
John Galt
User level: Level 10
140,964 points

Posted on Jul 16, 2013 10:39 AM

Flash Player may be a resource hog but it is not in itself a security risk. What you recall reading about was a Java exploit, since fixed, that used an installer that fraudulently represented itself as a Flash Player installer. It was known as the "flashback" Trojan that caused Safari to unexpectedly quit, among other annoyances. The fraudulent prompt to download and install that Trojan was generally encountered on what can charitably be called dubious websites.


If you must use Flash Player download its installer directly from Adobe. This is the legitimate link:


http://get.adobe.com/flashplayer/


Disregard any other prompts you receive and download it from Adobe by navigating to the above link yourself.


Keep your system up to date with updates from Apple.

View in context
4 replies
Question marked as Best reply
User profile for user: John Galt
John Galt
User level: Level 10
140,964 points

Jul 16, 2013 10:39 AM in response to violapalmer

Flash Player may be a resource hog but it is not in itself a security risk. What you recall reading about was a Java exploit, since fixed, that used an installer that fraudulently represented itself as a Flash Player installer. It was known as the "flashback" Trojan that caused Safari to unexpectedly quit, among other annoyances. The fraudulent prompt to download and install that Trojan was generally encountered on what can charitably be called dubious websites.


If you must use Flash Player download its installer directly from Adobe. This is the legitimate link:


http://get.adobe.com/flashplayer/


Disregard any other prompts you receive and download it from Adobe by navigating to the above link yourself.


Keep your system up to date with updates from Apple.

Reply
User profile for user: Klaus1
Klaus1
User level: Level 9
52,749 points

Jul 16, 2013 11:06 AM in response to violapalmer

Two bugs, one affecting Apple's Mac platform and another attacking Microsoft's Windows, exploit certain Flash player vulnerabilities to install malware onto users' systems, reports ArsTechnica. While users of other operating systems like Linux have yet to report attacks, Adobe's advisory notes the exploit affects all platforms.


Designated as CVE-2013-0634, the first vulnerability targets the Safari and Firefox Web browsers running on OS X, and is also being used as a trojan to deploy Microsoft Word documents containing malware. For Mac users, the flaw affects Adobe Flash Player version 11.5.502.146 or earlier.


On March 1, 2013 Apple again blocked Flash Player for Lion and Mountain Lion:

http://support.apple.com/kb/HT5660


The Adobe Flash patch can be found on Adobe’s website, and users can visit this page to check if their software is the most curent version.


You should uninstall any previous version first, and repair permissions after installing the new version.


If you still get a ‘plug-ins blocked’ message:


http://support.apple.com/kb/HT5271

Reply

Is Flash Player a security risk?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up