There have been a lot of articles lately about security problems with Flash Player and recommendations to update Adobe plug-ins. But you may be wondering a few things, such as what the heck is a plug-in? How do you know if the version of Flash you have is the one that needs updating? And how do you make sure you’re as safe as possible when updating the software, given the constant flood of problems that are being reported? These are all valid concerns that we’ll clear up, putting your mind at ease when it comes time to update Adobe Flash Player.
What is a Plug-in?
Let's start with the basics. Plug-ins (or "plugins" – both are correct) are software elements used by web browsers, often to display certain types of content such as Flash or Java. Sometimes these come with your browser automatically, but sometimes you have to add them. When it comes to plug-ins, it can be hard to know what you have installed or what version you have.
Adobe's Flash Player is one of the most popular plug-ins on many websites, developed as multi-platform software for use on all the major operating systems. This plug-in provides what is called "Active Content," meaning it adds additional functionality to web pages for interactive or media-related capability.
What's the Security Concern with Plug-Ins?
These powerful applets can be embedded in web pages and provide the opportunity to access users across all operating systems, which means the software is a popular attack point for malware authors. For instance, it has been known for some time now that Java is not particularly safe, and the list of open issues does not seem to be decreasing. But Flash too has had its share of problems lately, which has led to Apple blocking older versions of the plug-in.
Flash was not included on iOS, in part because of these security vulnerabilities along with other performance issues. Although this has helped decrease the options malware authors have for attacking iDevices (remember when Steve Jobs took heat for the decision not to include Flash support in iOS?), Flash continues to be popular on many websites, and users are frequently prompted to update their software.
Sometimes multiple updates for Flash or Reader can occur in the same month. Adobe notifies Flash and Reader users of new available updates by displaying a notice regarding the availability of the new software. But when you see this type of notice from Adobe, how can you tell if the Flash update is valid or an attempt to install malware on your Mac?
How to Verify Which Flash Version You Have Installed
Your web browser can tell you the plug-ins you have installed and which versions:
- In Safari, choose Help > Installed Plug-Ins. A web page will open in Safari that provides a list of the plug-ins, their versions, and the types of content they manage.
- In Firefox, choose Tools > Add-Ons and choose the Plugins tab.
- In Chrome, Flash Player is updated automatically along with the latest version of Google Chrome, so you can rest assured the version you have is the latest.
As you can see, it’s pretty simple to find out which versions of software you are running. Now that you know, how can you tell if the versions you have installed are the latest versions? The answers vary depending on your browser, but the solutions are basic.
If your Flash version is outdated and you use Safari, it's normal to see an error message indicating a blocked plug-in when trying to run any Flash content. Apple has a support page describing what you can do if you see this error message:
If you're not using Safari, you should go directly to the source of the plug-ins for the information.
How to Verify the Latest Flash Version
If a Flash installer notice pops up and tells you that your software is outdated and to download and install a new version, you can check with Adobe to verify if an update is necessary. Type this web address directly into your browser address bar:
On this page, Adobe lists the latest Flash Player version information for all operating system platforms. The page also displays your current version information, helping you quickly and easily determine if you do in fact need to update your software. Whenever you have doubts about whether your software is up-to-date after receiving a Flash update notice, use these techniques to find out if you need to download new versions of your software.
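As an added illustration (not code from Adobe or from this article), the sketch below shows the kind of comparison such a version check performs: it reads the Flash entry from a browser's plug-in list and compares it numerically with a latest version you supply. The function names, the description format it expects, and the sample values are assumptions constructed for the example.

```javascript
// Added example. Assumption: Flash appears in the browser's plug-in list with
// the name "Shockwave Flash" and a description like "Shockwave Flash 9.0 r5"
// (major.minor, then the revision number).
function parseFlashDescription(description) {
  const m = /^Shockwave Flash (\d+)\.(\d+) +r(\d+)/.exec(description || "");
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Compare versions part by part as numbers. Comparing them as text would
// wrongly rank "9.0" above "10.2".
function compareVersions(a, b) {
  const len = Math.max(a.length, b.length);
  for (let i = 0; i < len; i++) {
    const diff = (a[i] || 0) - (b[i] || 0);
    if (diff !== 0) return diff < 0 ? -1 : 1;
  }
  return 0;
}

// plugins: navigator.plugins in a browser, or any list of {name, description}.
// latest: the version string read from the vendor's own page. Only the first
// three parts are compared, because the description carries no build number.
function flashStatus(plugins, latest) {
  const entry = Array.from(plugins).find((p) => p.name === "Shockwave Flash");
  if (!entry) return "not installed";
  const installed = parseFlashDescription(entry.description);
  if (!installed) return "unknown version";
  const wanted = latest.split(".").slice(0, 3).map(Number);
  return compareVersions(installed, wanted) < 0 ? "outdated" : "current";
}

// Constructed sample data, not real release numbers.
const SAMPLE_PLUGINS = [
  { name: "Example PDF Viewer", description: "Example PDF Viewer 1.0" },
  { name: "Shockwave Flash", description: "Shockwave Flash 9.0 r5" },
];
console.log(flashStatus(SAMPLE_PLUGINS, "10.2.7.0"));
console.log(flashStatus(SAMPLE_PLUGINS, "9.0.5.0"));
console.log(flashStatus([], "10.2.7.0"));
```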
Where to Get Trusted Adobe Updates
Because malware authors will frequently employ tricky tactics to make malware look like something you should trust, it's important to get your updates only directly from the vendor that publishes them. You can head over to Adobe's site for Flash Player updates. The same goes for Adobe Reader updates as well.
Why Flash Player Update Notices Can Be Problematic
The most widely known example of a fake Flash update is the Flashback Trojan horse, which first masqueraded as a Flash Player installer package targeting Mac users. Over 600,000 Mac users installed the fake update to Adobe Flash thinking it was valid, thereby infecting their machines with malware. The problem of identifying whether a Flash update notice is legitimate is a common concern among many users, but there are ways you can tell if that Flash Player update is real.
Due to the latest string of attacks coming through Adobe's software, many of you may opt not to install or run any Adobe software, and some of you may not know if you have browser plug-ins enabled. If you do use Adobe or aren't sure if you have the software enabled or which version of Flash you have, as we've discussed, there are ways to check for this information before downloading something from a possibly sketchy-looking Adobe Flash Player update notice.
Be Skeptical of Program Installers
If Flash or Reader plugins are enabled, Adobe will prompt users to download and install new updates with automatic update notices. However, it's a good idea to always doubt the validity of automatic software update notices, especially those for Adobe Flash Player or Adobe Reader. When visiting a web page, if you are asked to install a program or item on your machine, do not trust it and quit your browser.
Sometimes malware is served from a web page that looks like a program running on your machine or an open window on your desktop. For example, several variants of the Flashback Trojan served malware from web pages made to appear like your Flash plug-ins crashed and required an update using a fake Adobe Flash installer. If you ended up on a site that was serving Flashback malware, you would have seen something similar to this:
Other examples of this type of malware scheme include tactics used by makers of the infamous fake antivirus for Macs commonly known as MacDefender. Therefore, you should only install programs on your system if you are confident you know exactly where they came from.
With a seemingly endless onslaught of security issues associated with Flash Player, the importance of keeping all of your software updated cannot be stressed enough. It is one layer among many that keeps your digital life away from bad guys. If you update your software on a regular basis and follow these techniques to ensure safe software downloads, you'll never again have to second-guess the validity of a random Flash installer notice.