Since your entire question linked to an external site and did not clearly represent the destination of the link, I unlinked it.
For completeness, here's the link to the Google Zero announcement you referenced.
In case you were unaware, our engineering organization works closely with Google Zero and many other partners in both industry and academia to ensure that we're adapting to the latest threats in both emerging research and in the real world, and the security of end-users is of paramount concern.
To address your specific question, when you update from the Flash Player Native Control Panel, we provide a streamlined workflow that downloads the installer to a temporary directory, executes it, and ultimately removes it upon completion.
If you're not comfortable with this mechanism and would like more visibility and control over the installation process, you can always download the installer directly from http://get.adobe.com/flashplayer and execute the installation manually.
Thank you for answering. Sorry about connecting the google link that was a mistake. If you don't mind could you tell me when Adobe started this? When I last updated Flash to 184.108.40.206 I got a DMG file. Hence my confusion.
This isn't a recent change. There are two kind of Flash Player releases, informally we refer to them as "loud" and "quiet". Major feature-bearing releases are typically "loud" releases, and require you to download them directly from the Adobe website. This is primarily a cost-recovery measure that Adobe has instituted to offset some of the tremendous cost involved in providing Flash Player free of charge. For "quiet" releases, like the recent one, we don't require you to manually go to the website and download an installer. We still serve you an installer, but it's downloaded to a temporary directory, executed and destroyed after installation.