Help! Anyone?  Adobe???

OMG-is-NoScreenname-Avail wrote: Help! Anyone?  Adobe???

Just to clarify: this is a user-to-user forum, not Adobe Support.

eidnolb,

No that doesn't help at all.  Those instructions direct users to the Flash Player Download Center.  It is impossible for users to securely download Flash from the Flash Player Download Center.

ʇɐb ɹəuəllıʍ,

Yes, well, only Adobe can fix the problem; I was hoping some Adobe employee would happen to notice and take action, given this is a Critical security vulnerability; You agree this is a valid problem, right?

I was not aware of a way to get in touch with Adobe to report unresolved security vulnerabilities.  I just poked around and http://blogs.adobe.com/psirt/ eventually led me to the Adobe Security Report Form which I've filled out.  

(Amusingly, Adobe's "Notifying Adobe of Security Issues" web page says, "Adobe takes security very seriously and aims to quickly address any security-related problems involving our products. We've set up an email address that customers   can use to report security issues to us directly." In fact, it seems they do not, as they've not provided this "email address that customers can use to report security issues" on said web page.)

We'll see if Adobe finally gets its act together.

Adobe's statement that I quoted, "Adobe takes security very seriously..." is a blatant lie in my view.
Adobe didn't even bother to respond to my Security Report, and AFAICT, has taken no steps to address the issue I raised here an in my Security Report!

I tried one more thing - I opened a JIRA account and reported the issue that way.  Result:

I'd recommend posting on our security form (see link below.)  I can't promise that you'll get a response, but this issue will be reviewed.  I'd recommend asking for a response though, given your concerns.

http://www.adobe.com/support/security/alertus.html

Thanks,

Chris

Chris, thanks for trying, but I've long since done that.

You weren't looking closely enough at what I wrote, which indicated I'd already done so: I wrote, "I just poked around and http://blogs.adobe.com/psirt/ eventually led me to the Adobe Security Report Form which I've filled out."

The text "Adobe Security Report Form" in my earlier post is linked to the URL you posted.

It's the same Security Report (Form) I refered to two more times when I wrote:

Adobe's statement that I quoted, "Adobe takes security very seriously..." is a blatant lie in my view.
Adobe didn't even bother to respond to my Security Report, and AFAICT, has taken no steps to address the issue I raised here an in my Security Report!

Since Flash Player updates are now downloaded and installed silently in the background, this is no longer an issue.

B.t.w. I don't see anybody in the whole world making downloads available via https

Wow, I'm having trouble biting my tongue over your comment, Pat. 

What makes you think that, assuming what you claim now happens is true - that "Flash Player updates are now downloaded and installed silently in the background", that the issue has in any way been addressed.  Wishful thinking?

Oh, and "Flash Player updates are now downloaded and installed silently in the background" is not even true.  Seems like more wishful thinking.

In the latest version of Mac OS X, when one visits a site with flash with an out of date flash player in Safari, it displays "Blocked Plug-in". If one clicks there, the same damn problem still exists.  I'm led to

Clicking "Blocked Plug-in" opens http://plugins.apple.com/AdobeFlash-en-us

which redirects to http://get.adobe.com/flashplayer/

clicking on the "download now" button on that page goes to http://get.adobe.com/flashplayer/completion/?installer=Flash_Player_11_for_Mac_OS_X_10.6_-_10.8

which triggers a download - what of? where from?

http://fpdownload.macromedia.com/get/flashplayer/pdc/11.4.402.265/install_flash_player_osx.dmg, http://get.adobe.com/flashplayer/completion/?installer=Flash_Player_11_for_Mac_OS_X_10.6_-_10.8

Oh, and holy smoking lard mound, Batman!  Adobe hasn't even signed the thing!

% /usr/bin/codesign -v install_flash_player_osx.dmg

install_flash_player_osx.dmg: code object is not signed at all

Same damn problem.  Adobe doesn't give a flying **** about security.

Pat Willener wrote: B.t.w. I don't see anybody in the whole world making downloads available via https

You're ignorant.  I don't mean that as an insult; just a statement fact.  One of the folks making downloads available via https, by default, is a pretty new company based in Mountain View, California: Google.  Heard of 'em?  They offer a bunch of app downloads, like Google Earth, Google Chrome, the whole Google Play store, AKA Android Market, Google B and started addressing this problem in 2010.  I'd bet it's no longer an issue for them (but I'm not sure; haven't checked every app).  They're not alone.

Looks like Adobe's been forced by Apple's Gatekeeper to get with the program.

%codesign -vv /Volumes/Flash\ Player/Install\ Adobe\ Flash\ Player.app/

/Volumes/Flash Player/Install Adobe Flash Player.app/: valid on disk

/Volumes/Flash Player/Install Adobe Flash Player.app/: satisfies its Designated Requirement