A recent report by Citizen Lab uncovered that commercial spyware was used to trick users into thinking it’s a legitimate Adobe Flash Player update. Unfortunately, this malicious download took Flash Player and repackaged it to include spyware. We have contacted the relevant service providers to request that the systems used to support these activities (e.g., email accounts and domain names) be suspended. Make no mistake, these activities are illegal and Adobe actively works to protect its users against such deceptive and harmful malware.
Adobe Flash Player is one of the most ubiquitous and widely distributed pieces of software in the world, and as such, can be a target of malicious activity. We take the security of our products, technologies and customers very seriously. Protecting Adobe’s trademarks from this type of abuse is vital to our brand and our users. Adobe commits considerable time and resources to these efforts — even participating within the Internet governance processes before the Internet Corporation for Assigned Names and Number (ICANN) to help develop, among other things, rights protection mechanisms (RPMs) aimed at safeguarding brand owners and their users from this very type of abuse.
It’s important to note that the spyware does not affect Adobe products and services. The repackaged software is a completely separate process on the victim’s machine. The Adobe brand is merely used for social engineering purposes.
Adobe continually works with our partners to help protect users from malicious downloads and to remove the need for users to manually update Flash Player. For instance, with Google Chrome browser, Flash Player updates are seamlessly delivered via the Chrome auto-updater on all operating systems. ￼For users who prefer to manually update software, the latest version can be found here: https://get.adobe.com/flashplayer/.
We encourage customers and other members of the security community to report new vulnerabilities, abuse and misuse directly to the Adobe via the Security Alert Us page.
We’re grateful for the work of groups such as Citizen Lab and ICANN, and will continue to support their efforts.
Chief Security Officer (CSO)