4 Replies Latest reply on May 18, 2015 6:36 PM by jeromiec83223024

    Are Adobe Flash Player updates fake?


      I've never heard of a Security Breach on Android through Adobe Flash Player and that has not been updated for years yet runs on millions of tablets. So what exactly are Flash Player updates doing? Are they merely a Trojan Horse to get McCaffrey etc. onto my PC or are Adobe programmers so bad that they cannot write decent software in the first place? I can understand something as complex as Windows needing frequent updates but even they decrease after a few years. Do all Adobe products suffer from the same problems? If not, what exactly is going on? Has anyone never updated Flash on a PC and had problems?

        • 1. Re: Are Adobe Flash Player updates fake?
          pwillener Level 8

          Two types of updates

          1. version upgrades: new features
          2. version updates: security fixes


          If you don't install the upgrades, many websites will refuse to show Flash content.


          If you don't install the security updates, many browsers will disable the plugin.


          3rd-party bundled software can easily be avoided by using the offline installers.

          • 2. Re: Are Adobe Flash Player updates fake?
            andyjenk2 Level 1

            Thank you for the reply. I have yet to find a website which refuses to play on the version available for Android. That surprises me. Could you give me a couple of examples, please?


            Where will I find exactly what an update is designed to do? I would have more trust in Adobe if I knew.

            The fact that Adobe now forces me to have McCaffrey installed makes me wary of Adobe. If I miss the fact that it has been installed it can conflict with my existing protection rendering my PC vulnerable.


            You have not explained why Adobe needs to issue so many updates when other software companies do not.

            • 3. Re: Are Adobe Flash Player updates fake?
              pwillener Level 8

              I am unaware of any Flash Player for Android (except very old versions, on old Android versions).


              I don't know what sites don't deliver Flash content to old Flash Player versions, but there are regular complaints here in the forum.  I believe Youtube is one of them.  But since I always update software on the day an update is released, I have never personally encountered the situation.


              Release Notes are issued for every major Flash Player version: https://forums.adobe.com/thread/1843037


              When vulnerabilities or bugs are detected, the Flash Player developers try to issue a fix as soon as possible.  This may be inconvenient to some users, but I want to have security and bug fixes as soon as possible.


              As for "McCaffrey" (McAfee), I don't need it, so I always use the offline installers on all my machines.

              • 4. Re: Are Adobe Flash Player updates fake?
                jeromiec83223024 Adobe Employee

                Yep, Android is a few years behind on security updates, and no, there's no grand conspiracy here to get you to install stuff.  Updating Flash Player is tremendously expensive, and because of it's ubiquity, it's the subject of a tremendous amount of effort both on offensive and defensive security fronts.


                There's a saying in security circles these days: "there are two kinds of companies, those that have been hacked, and those that don't know they've been hacked".  If you're actually in a position to know that your machine is pristine and you haven't updated, you're super lucky, congratulations.  Like immunization, herd immunity is an important part of protecting not only your personal data, but the Internet at large from emerging threats.  Keeping your stuff updated is smart, but you're free to choose that opt-out option at any time.