Fake Flash updates have been very common to infect OS X. They do not rely on a vulnerability in the operating system. Instead, the user is asked to willingly install them. The fake Flash update actually installs an up to date genuine version of Flash. The installer is signed with a valid Apple developer certificate issued to a Maksim Noskov: It’s not clear what triggered the popup advertising the update, I suspect it was injected by one of the many ads on the page: “Get Flash Player update””]
Source: https://isc.sans.edu/diary/Fake+Adobe+Flash+Update+OS+X+Malware/20693