-3

Well basically as an experienced user I am really afraid on the way that Adobe deeply resides into all my Windows based workstations. Basically in every machine that has some Adobe solution when we restart the explorer process (stops/start from task manager), the update flash (image below) prompts out of nowhere, even if I dont have any adobe process running...

So here are my questions:

How much are we vunerable to an massive malware dissemination thru fake adobe update inception ?

How are our privacy protected from a proccess that resides into our explorer.exe that goes to the web detecting if we have or not an updated version of it what wahat else it does ?

Update Flash Prompt

Roger Barretto
  • 103
  • 2
  • 3
    Can you decide which of those 3 questions you would like answered? And how would you measure "how much are we vulnerable"? – Rory Alsop Aug 22 '13 at 12:54
  • 1
    When I'm in your side (trying to help) those are the last questions that will ever cross my mind. By the way, fell free to answer one or all the 3 questions. Thanks. – Roger Barretto Aug 22 '13 at 13:00
  • 2
    @Roger - A better solution modify the question and ask a single question. – Ramhound Aug 22 '13 at 13:53
  • @[Closers of this Q] it seems clear enough to me the gist of what is being asked (questionable grammar aside). @Roger It is wholly within reason that the update process could be hacked. My experience tells me if the update is done with an RSA-ECDHE algorithm then we are likely OK.. for a while anyway. If it is just RSA 1024, hope you like the NSA. I am not sure if that is what is used. And I don't care much. Why? Because literally everything could be vulnerable, if you are using flash surely you are connected to the net. If the info is truly TOP SECRET then DISCONNECT IT from the net! – BAR Oct 14 '13 at 23:30

1 Answers1

2

As far as I know, Adobe just uses the standard features provided for Windows in order to bring up those dialogs. There really isn't anything particularly scary or risky about them. Adobe signs their updates and appears to connect over SSL when checking(I did a quick test with Acrobat's check for updates), so it shouldn't be a significant risk of someone hijacking the updates to inject their own.

This really doesn't seem like anything other than normal and desired behavior. There is a far larger risk of something like Flash being allowed to remain outdated after a security fix is released. This can and would make your system vulnerable if you didn't update to fix it, so performing a secure check if the software is current and recommending updates is the most secure thing they could do.

AJ Henderson
  • 41,816
  • 5
  • 63
  • 110