get.adobe.com website certification

Question

I just got prompted to update my flash player on my mac running Safari 10.0.1

I followed the link to the update server at get.adobe.com and observed there was no padlock next to the website URL. I then followed the link through from google to the update server to make sure I was going to the right place and not a malicious website and still there was no padlock.

It seems the get.adobe.com website is using a SHA-1 certificate. Surely this is insecure and opens up a potential vulnerability? Especially on mac as users will frequently update their flash software with out a second thought and the process involves entering your administrator password.

Satinder S Bains · Accepted Answer

The certificate is upgraded to SHA256Thanks

Satinder S Bains · Answer

Hi James,We are aware of this and working on it. Would be updating the pages soon. Thanks

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded