Safari Version 13.1 (15609.1.15.3.11) has all of a sudden requested that I update Flash, but only when I visit CNN dot com. No other websites seem to provoke this behavior. MalwareBytes and Sophos do not detect any malicious activity but the website in question is clearly NOT Adobe. I will try to determine the URL. What kind of malware have I inadvertly picked up? Why CNN and only CNN for now? BTW, CNN seems to work fine on Chrome. This issue seems particular to Safari. In addition, the problem has persisted after restarting Safari and also restarting this Mac running 10.15.4 Beta (19E224g).
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Safari wants to "update" Adobe Flash but only when visiting CNN dot com
- Thread starter dmfresco
- Start date
- Sort by reaction score
I do not have Flash on my system. I got rid of it on the previous MAC I owned and when I purchased a new system several years ago it was not installed and I never installed it. I go through periods where certain sites will have the "Flash Update" pop up message come up whenever I access them. This goes on for a week or two and then stops. i don't think the "request to update" is picked up by Malwarebytes. The malware does not show up until you actually click on the link and install something. I could be mistaken on that, but every time I get the pop up I run Malwarebytes and nothing comes up.
The request to update Flash has stopped, but I have the offending installer in my Trash bin. I did not install it. I have seen these requests from time to time too but do not follow through with the Install. I just find it so odd that something at CNN triggered it. I wonder if one of their Ads was fraudulent? And since the story I was reading was about the Democratic debate in SC, USA, I also envisioned some of the conspiracy theories that are rampant these days.
From time to time some websites get comprised by bad folks hoping to install malware on an unsuspecting user's computer. It is up to the user to inform the infected sites off the issue and the sites to then correct the problem.
However, the user should never ever download an inflected program let alone install it. And yes, I still have Flash installed in my system, but I keep it up to date. dmfresco's download has absolutely nothing to do with Adobe Flash, it is merely a bad guy masquerading as Flash.
Lou
However, the user should never ever download an inflected program let alone install it. And yes, I still have Flash installed in my system, but I keep it up to date. dmfresco's download has absolutely nothing to do with Adobe Flash, it is merely a bad guy masquerading as Flash.
Lou
Never download a Flash update from one of these prompts. If you want to up date Flash Player, bring up the official Adobe .com site, then scroll to the bottom of the page to get it directly from Adobe, not some imposter.
Of course not. But, when a Safari page is compromised, and there is no other recourse to but to quit the browser and it happens again and again and again, sometimes the way forward is to download the fraudulent installer, trash it and then the script releases Safari and it works again. At least that is how it has transpired for me in the past. I got fooled once many years ago by this scam, so I am savvy to it. It's the first time I recall it happening by a site such as CNN, which I bet has many protections in place against these shenanigans.
Once again, I am not able to click on anything else when the page hijacks my browser window and no way to back up and get back the site of interest. Sometimes clicking the download releases the browser window. Sorry, if that was not clear, but downloading the junk installer is not the same as installing the malware. That is the point I am attempting to make to you and believe me, I have no intention of installing the malware software.
I wonder if this is an advertisement. The advertisement system allows advertisers to use javascript to create a popup window and I'm wondering if this is what you experienced. You might have landed on that site at just the right time to see an advert.
That's not been my experience in the past, but okay, if you say so. I don't let installer automatically activate as a rule. That failsafe seems to be pretty potent.
Again, It's not an advertisement. Advertisement's do not alert you to download software. I've seen this fraudulent Adobe Flash popup in the past. This is really bad stuff.
Lou
If not through Ads on the site, how else might CNN get compromised? Why was the problem specific to being on the CNN site? Is that a coincidence? And why was the same page not affected when viewed with Chrome? I am not understanding how you can be so certain of your statement. I think a dodgy Ad is the most likely culprit and it was exploiting some vulnerability unique to Safari.
Never, never, NEVER, NEVER accept ANY website's offer to "upgrade flash" !
Close the window, quit the browser, pull the plug out of the wall if you have to.
Did I emphasize that enough?
An absolutely clean, latest version of the flash installer can ALWAYS be downloaded from this link:
But... before you download it... open the "flash player" preference pane (system preferences), go to the update pane, and click "check now" to see if you really need "an update".
If you do, again, use the URL I've provided above to get it.
Then... run it.
Then... open the flash player pref pane AGAIN, and confirm that the update "took".
I also recommend that you set the flash player update pane to "never check for updates".
Close the window, quit the browser, pull the plug out of the wall if you have to.
Did I emphasize that enough?
An absolutely clean, latest version of the flash installer can ALWAYS be downloaded from this link:
But... before you download it... open the "flash player" preference pane (system preferences), go to the update pane, and click "check now" to see if you really need "an update".
If you do, again, use the URL I've provided above to get it.
Then... run it.
Then... open the flash player pref pane AGAIN, and confirm that the update "took".
I also recommend that you set the flash player update pane to "never check for updates".
I appreciate all the emphatic and moderately sanctimonious recommendations not to get spoofed by these scams, it's noted, but the real question that is not really being addressed here is how and why a site such as CNN led to this problem in the first place?
Yes, they most certainly can. An advertisement can take advantage of JavaScript to create a pop up window for anything the designer wants. I don't even have a Flash plugin on my machines yet I saw an advertisement instructing me to download a flash plugin update ("your flash plugin is out of date!"). I stopped seeing that ad once I began running an adblocker.
Last edited:
I certainly did address the issue raise. The site doesn't know it happens unless YOU tell them. Once you do, they will inform the web domain's owner to correct the problem.
Now, I do NOT appreciate being called sanctimonious. I am trying to alert you to the dangers lurking on the web and of your behavior. If you don't appreciate it and are in to calling names I shall exit this thread.
Lou
Now, I do NOT appreciate being called sanctimonious. I am trying to alert you to the dangers lurking on the web and of your behavior. If you don't appreciate it and are in to calling names I shall exit this thread.
Lou
Last edited by a moderator:
It may simply be that a malicious advertisement snuck into their ad rotation at some point. You could always install an ad blocker and see if the problem disappears. Most websites don't bother, or aren't allowed to, vetting their advertisements before they are shown to the public. The advertisement could also be using the browser's user agent string to target Safari users.
You’re asking in the wrong place.
The right place? CNN. Ask for IT Security.
if that doesn’t work - contact a reporter who specializes in data security issues - at, say... HuffPost
The right place? CNN. Ask for IT Security.
if that doesn’t work - contact a reporter who specializes in data security issues - at, say... HuffPost
Let's just say that I disagree because I have information that you seem to lack. Perhaps it is best to not allow this type of debate to derail the thread. Have a nice day.
Safari has not used Flash since 2016/7. You can enable it in Safari, but why? It's hacked and updated very frequently. Chrome uses "their own" version of Flash, not Adobe's version. So when using either browser, any site asking to update Flash is a bad site trying to infiltrate your computer.
Don't blame CNN, sites are inundated with crud on a daily basis. Just avoid the bait, and you wont get hooked.
Last edited:
Ads on CNN are delivered by FreeWheel, some require Flash. Search for macromedia in https://registry.api.cnn.io/bundles/fave/freewheel-dad59dc1/freewheel
Safari and Chrome use different Flash versions (NPAPI vs PPAPI), do you have both installed?
https://get.adobe.com/flashplayer/otherversions/
I usually don’t use the CNN website, but I do use the CNN app on my iPad.
Just a few minutes ago, the app failed to display anything when I opened it. I forced quit and reopened.
One “cell” on the page comes up displaying JavaScript! (It is obvious CNN app uses a WebView for UI - I am an app developer, and I use WebViews myself...) So apparently the content has been damaged/mangled.
I’ll attach a screenshot.
i wonder if anybody at CNN bothers to look at the app?
[automerge]1582760022[/automerge]
thats kinda ridiculous, given that most users presumably do not have Flash installed today.
Just a few minutes ago, the app failed to display anything when I opened it. I forced quit and reopened.
One “cell” on the page comes up displaying JavaScript! (It is obvious CNN app uses a WebView for UI - I am an app developer, and I use WebViews myself...) So apparently the content has been damaged/mangled.
I’ll attach a screenshot.
i wonder if anybody at CNN bothers to look at the app?
[automerge]1582760022[/automerge]
thats kinda ridiculous, given that most users presumably do not have Flash installed today.
Attachments
Before going back to the cnn page did you delete cookies & website data in Safari and/or turn off Javascript & block all cookies And this behavior still persisted when viewing same page?
I agree with others about not just downloading file even if you don't install it. Usually deleting all webdata in Safari as well as rechecking reading list items that may be automatically downloading data from a site with a now compromised ad system and then quitting and restarting browser solves issue for me. Turning off Javascript, blocking cookies, and even initially turning off WiFi until web data deleted & browser restarted are just added precautions I take. Some Ad block software has helped limit issue from happening in first place.
For me Safari was better blocking all 3rd party cookies than its attempt to allow some from sites visited in past. Just because I visited it doesn't mean I want it to access or add data as a 3rd party when I am viewing other sites. Even with ad block and apple's enhanced limit on tracking I still see some webdata from sites I don't directly go to and try to remove every so often.