Skip to main content
K
kschaffn1
Participant
December 29, 2019
Answered

Flash Player Install Manager on Mac

  • December 29, 2019
  • 3 replies
  • 9802 views

This is a file on my computer that I didn't download. It is in utilities and it seems legit. It matches the version that my computer automatically updated to and the last modified date was a date that Adobe did a security update. Could this just be a left over file? It was never opened. It is just there.  I believe it happened around the time I tried and failed to update my computer to Catalina.  Is this file most likely legitimate? It personally is stressing me out as I found it trying to make sure I didn't download something from a pop up (which happened a month later) and which nothing downloaded from. 

This topic has been closed for replies.
Correct answer jeromiec83223024

Folks, let's not guess and make spooky assertions about security questions.  That's not helpful.

 

There is a helper utility that handles automatic updates, and now, as we reach the end of life for Flash Player, is encouraging you to uninstall before the last possible day.  We really want to drive the population down so that people are discovering and resolving issues now, instead of over the holidays, when nobody will be around to help.

 

Anyone can name a file anything, so filenames are absolutely useless in terms of determining legitimacy or safety.

 

There's a super straight-forward, authoritative way to answer the "is this file legit?" question.  It's called Code Signing.  https://en.wikipedia.org/wiki/Code_signing

 

Code signing provides an authoritative, cryptographically secure way to determine who created a particular binary (a.k.a non-repudiation), and validating a code signature inherently confirms that the copy you have is a bit-for-bit match for the one that was signed and shipped by the author.

 

On Mac, you can verify the code signing certificate on that file from the terminal.  There's a decent guide here: 

https://osxdaily.com/2016/03/14/verify-code-sign-apps-mac-os-x/

 

Here's what a legit copy looks like on my machine.  Depending on the version you have installed, the hash values might change, but it should be signed by Adobe Inc. or Adobe Systems Incorporated on older versions that pre-date the company's recent name change.

 

Here's what it looks like on my machine: 

 

labuser@labmachine: codesign -dv --verbose=4 /Applications/Utilities/Adobe\ Flash\ Player\ Install\ Manager.app

 

Executable=/Applications/Utilities/Adobe Flash Player Install Manager.app/Contents/MacOS/Adobe Flash Player Install Manager

Identifier=com.adobe.flashplayer.installmanager

Format=app bundle with Mach-O thin (x86_64)

CodeDirectory v=20500 size=26736 flags=0x10000(runtime) hashes=828+3 location=embedded

VersionPlatform=1

VersionMin=656896

VersionSDK=658432

Hash type=sha256 size=32

CandidateCDHash sha1=8a85333379797e7c7f8d0bcea944c9af3c66463a

CandidateCDHashFull sha1=8a85333379797e7c7f8d0bcea944c9af3c66463a

CandidateCDHash sha256=b78bd51408eb14f45139668267c7f33964b0c989

CandidateCDHashFull sha256=b78bd51408eb14f45139668267c7f33964b0c98956f6c603ffc716e000751245

Hash choices=sha1,sha256

CMSDigest=16b80531633926d611b265ce5da199cbb715306812f17ccb88896169800410a5

CMSDigestType=2

Page size=4096

CDHash=b78bd51408eb14f45139668267c7f33964b0c989

Signature size=9071

Authority=Developer ID Application: Adobe Inc. (JQ525L2MZD)

Authority=Developer ID Certification Authority

Authority=Apple Root CA

Timestamp=Oct 29, 2020 at 11:27:07 AM

Info.plist entries=21

TeamIdentifier=JQ525L2MZD

Runtime Version=10.12.0

Sealed Resources version=2 rules=13 files=37

Internal requirements count=1 size=180

 

There's an insane amount of controls over how code gets signed at Adobe -- as you can imagine, signing keys are the keys to the kingdom, and are tightly guarded, with mediated access where everything is logged and audited -- and there are revocation and expiration mechanisms that ensure that if the keys were ever stolen, we could invalidate everything signed with them to prevent someone from publishing content that indicates that it's legitimate and from us. 

 

To wrap this up, in all likelihood, everything is fine.  Check the code signing certificate.  If it's from Adobe, it's good.  If you want to uninstall it, uninstall Flash Player.  Safari already dropped support for it, Flash Player will stop loading content from the open web at the end of the year, and all other browsers will remove plug-in support required to run Flash around the same time.

 

Uninstall Flash Player - Mac:
https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html

 

3 replies

jeromiec83223024
jeromiec83223024Correct answer
Inspiring
November 12, 2020

Folks, let's not guess and make spooky assertions about security questions.  That's not helpful.

 

There is a helper utility that handles automatic updates, and now, as we reach the end of life for Flash Player, is encouraging you to uninstall before the last possible day.  We really want to drive the population down so that people are discovering and resolving issues now, instead of over the holidays, when nobody will be around to help.

 

Anyone can name a file anything, so filenames are absolutely useless in terms of determining legitimacy or safety.

 

There's a super straight-forward, authoritative way to answer the "is this file legit?" question.  It's called Code Signing.  https://en.wikipedia.org/wiki/Code_signing

 

Code signing provides an authoritative, cryptographically secure way to determine who created a particular binary (a.k.a non-repudiation), and validating a code signature inherently confirms that the copy you have is a bit-for-bit match for the one that was signed and shipped by the author.

 

On Mac, you can verify the code signing certificate on that file from the terminal.  There's a decent guide here: 

https://osxdaily.com/2016/03/14/verify-code-sign-apps-mac-os-x/

 

Here's what a legit copy looks like on my machine.  Depending on the version you have installed, the hash values might change, but it should be signed by Adobe Inc. or Adobe Systems Incorporated on older versions that pre-date the company's recent name change.

 

Here's what it looks like on my machine: 

 

labuser@labmachine: codesign -dv --verbose=4 /Applications/Utilities/Adobe\ Flash\ Player\ Install\ Manager.app

 

Executable=/Applications/Utilities/Adobe Flash Player Install Manager.app/Contents/MacOS/Adobe Flash Player Install Manager

Identifier=com.adobe.flashplayer.installmanager

Format=app bundle with Mach-O thin (x86_64)

CodeDirectory v=20500 size=26736 flags=0x10000(runtime) hashes=828+3 location=embedded

VersionPlatform=1

VersionMin=656896

VersionSDK=658432

Hash type=sha256 size=32

CandidateCDHash sha1=8a85333379797e7c7f8d0bcea944c9af3c66463a

CandidateCDHashFull sha1=8a85333379797e7c7f8d0bcea944c9af3c66463a

CandidateCDHash sha256=b78bd51408eb14f45139668267c7f33964b0c989

CandidateCDHashFull sha256=b78bd51408eb14f45139668267c7f33964b0c98956f6c603ffc716e000751245

Hash choices=sha1,sha256

CMSDigest=16b80531633926d611b265ce5da199cbb715306812f17ccb88896169800410a5

CMSDigestType=2

Page size=4096

CDHash=b78bd51408eb14f45139668267c7f33964b0c989

Signature size=9071

Authority=Developer ID Application: Adobe Inc. (JQ525L2MZD)

Authority=Developer ID Certification Authority

Authority=Apple Root CA

Timestamp=Oct 29, 2020 at 11:27:07 AM

Info.plist entries=21

TeamIdentifier=JQ525L2MZD

Runtime Version=10.12.0

Sealed Resources version=2 rules=13 files=37

Internal requirements count=1 size=180

 

There's an insane amount of controls over how code gets signed at Adobe -- as you can imagine, signing keys are the keys to the kingdom, and are tightly guarded, with mediated access where everything is logged and audited -- and there are revocation and expiration mechanisms that ensure that if the keys were ever stolen, we could invalidate everything signed with them to prevent someone from publishing content that indicates that it's legitimate and from us. 

 

To wrap this up, in all likelihood, everything is fine.  Check the code signing certificate.  If it's from Adobe, it's good.  If you want to uninstall it, uninstall Flash Player.  Safari already dropped support for it, Flash Player will stop loading content from the open web at the end of the year, and all other browsers will remove plug-in support required to run Flash around the same time.

 

Uninstall Flash Player - Mac:
https://helpx.adobe.com/flash-player/kb/uninstall-flash-player-mac-os.html

 

D
devgr
Participating Frequently
November 13, 2020

Will we run into problems if we don't uninstall it?

I'd like to keep the standalone debugger installation. Will the uninstaller leave that alone?

I have offline files, I cannot convert them. I don't need flash in the browser, I just need to play swf animations (educational content) that are on my hard drive. 

jeromiec83223024
jeromiec83223024
Inspiring
November 13, 2020

Flash Player will stop working at the end of the year.  That includes the standalone player.  The best outcome is to eliminate the dependency on Flash Player.

 

There are some "Enterprise Enablement" features that might allow you to continue to load local content that can be configured via mms.cfg.  I can't remember if the standalone player reads mms.cfg.  I'd recommend trying it out before the end of the year, and making alternate plans as needed. 

 

You can find all the details on the Flash Player System Administrator's Guide, pp. 28: 

https://www.adobe.com/devnet/flashplayer/articles/flash_player_admin_guide.html

 

 

For completeness, here's the original announcement from 2017:

https://theblog.adobe.com/adobe-flash-update/

 

Here's the EOL FAQ: 

https://www.adobe.com/products/flashplayer/end-of-life.html

 

Here's the Enterprise EOL FAQ: 

https://www.adobe.com/products/flashplayer/enterprise-end-of-life.html

D
devgr
Participating Frequently
November 11, 2020

Now it's clear why Flash Player Install Manager exists: it tries to make you get rid of flash by pestering you with popups to uninstall it. That could be called attack malware, I guess.

 

I'm searching for possibilities to get rid of it because I need my flash files for the time being (science and math animations, and no, I will not spend hours converting them for lack of a converter that Adobe would be obliged to publish but they don't. Why they don't is beyond me. Maybe they can't. But why is Wallaby gone?).

 

Maybe trashing the Manager will be enough. Thanks for pointing out that it is in Utilities. The Player to download until 2020 is the "debugger" for developers: https://www.adobe.com/support/flashplayer/debug_downloads.html . 

 

It's difficult to remain polite with Adobe after it has killed Freehand and Pagemaker way back when, and now Flash, for everyone instead of just for hackers, without offering any working conversion solution. 

T
Test Screen Name
Legend
December 29, 2019

There is an attack malware by that name. 

K
kschaffn1Author
Participant
December 29, 2019

How do I confirm that though? Because as far as I know there is a legitimate file by that name. And nothing else has happened to my computer?

T
Test Screen Name
Legend
December 29, 2019

Try Get Info. Does it show where it is downloaded from?

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices