How to see if a Flash Player update proposal is not a fake one?

Report · Sep 21, 2014

I'm getting very regular update proposals of my installed Flash Player.

Sometimes these update proposals are so frequent that I suspect some of them can't be serious ones..

Everytime I see the same window without any information about the update this is

proposing me:

I feel it is pretty too easy to make a fake window of this Flash Player update proposal window.

To build a virus which will pretend to be a Flash Player update, a cybercriminal just need to make

a copy of the always identical Flash Player update proposal window, and fire any sort of crapware download

from there.

I imagine the worldwide success of the Flash Player false updaters is coming from this much too

easy window without any version or new information.

Isn't there a potential target of 1.3 billion connected PC?

How may I recognise if a Flash Player update proposal is an official one or any fake?

Report · Sep 22, 2014

You are right: it is nearly impossible to tell if such a pop-up is authentic or fake.

To avoid falling for a fake update, download and install updates manually when they become available.

Report · Oct 24, 2014

FYI: If you supplied the genuine link here, I think your response would be perfect.

Report · Oct 30, 2015

pwillener

I believe I have received just such a file as BlueSkiesCreative is concerned about. My Chrome flagged the file as potentially dangerous which has never happened with Flash Player downloads before. In addition, when I checked I was at the current level.

Is there no one who's sufficiently interested to receive reports of these events, even the files and or source sites so that appropriate measures can be taken? While I recognize the validity of only downloading manually, Adobe Flash Player has a massive user base and the vast majority won't know that this is advisable and won't know how to go about doing so without directions. If your suggestion is such a good idea, why does Adobe Flash Player default to automatic update rather than notification that an update is available with a link to a page in the Adobe domain with directions on how to perform a manual download and why that's the best approach?????

It appears that Adobe doesn't take these kind of questions directly as the Support section only offers the Forum, a few manuals, and FAQs as points for assistance, I downloaded the Administrator guide for Flash Player 19 and the Security section said NOTHING about this issue. If Adobe doesn't care if fraudulent files are downloaded in their name then they deserve even less trust from their users than they already have. The vast majority of providers, even the massive ones with global reach, have some mechanism to report fraud concerns or bug concerns for users and not just developers, if there are any. I'm shocked that Adobe doesn't have something along those lines.

I'm turning off Auto Update in all of my browsers immediately until a more rational method of dealing with this issue is publicized.

Thank you for your attention

Paul

Report · Nov 02, 2015

The screenshot posted in the first post does look authentic. However, producers of fake Flash Player installers do go to great lengths to mimic the official Flash Player installer branding.

WRT "Is there no one who's sufficiently interested to receive reports of these events, even the files and or source sites so that appropriate measures can be taken?"

Yes, Adobe takes this very seriously and does actively pursue sites that host malicious Flash Player installers. Information on reporting sites hosting malicious installers is available here Notifying Adobe of Security Issues I frequently forward malicious sites, reported by users here on the forums or that I find when searching for them, to our fraud department. You can also private message me the complete URL to a malicious site.

--

Maria

Adobe Community

How to see if a Flash Player update proposal is not a fake one?

1 Correct answer