I work on Flash Player itself -- we provide binaries to the distribution team responsible for packaging and monetizing them, so I can't speak to the details of their implementation, but I've investigated dozens of reports like this over the years, and I've yet to find one where we were deploying the wrong payload under normal operating conditions.
What I see in practice, is in the unlikely event that a monetized payload gets deployed and the user has either opted out or was not presented with the opt-out dialog, there was a third-party browser plug-in in play that prevented the logic on our page from operating as written, there was a third-party plug-in "manager" in play that was circumventing our download page and grabbing the monetized payload, or it was a fake download where someone repackaged our distributable, bundled a little extra "gift", and redistributed that modified version from a third-party site. Where plugins are involved, the usual suspects are typically ad-blockers, anti-tracking plugins and other "security" plugins that modify logic on the page.
That said, we'd strongly recommend that you just turn on automatic updates. It ensures you get the latest security patches when they become available (particularly in the event of an 0-day). You won't get prompted for updates, have the potential to be tricked by a fake update download, and you won't have to opt-out of anything to get the latest player. We forego any revenue opportunities to ensure that you're patched. It's good for herd-immunity and the health of the network, and it's painless.
If you don't think that any of those scenarios applies, I'm more than happy to try and reproduce this, and will gladly get a bug going with the distribution team if there's a reproducible problem. In order to narrow down the universe of possibilities, it would be really helpful to know what the OS and default browser in play were, what the name of the file you downloaded was (if you still have it in your download history), and roughly where you're located geographically. We use a content distribution network of thousands of geographically distributed servers, and I want to attempt to reproduce this as accurately as possible.
Thanks!
3
Replies
AdChoices