Adobe Flash: Hacker’s Best Friend

Adobe Flash Player is the software most targeted by exploit kits. A new report by Recorded Future, posted by ARC, shows that eight of the top ten vulnerabilities targeted Adobe Flash Player. This isn’t much of a surprise, because Adobe Flash Player has always been a target. According to Computer World, “Monthly patches are almost always released by Adobe, and emergency patches come out for zero-day flaws that cybercriminals are actively using.”

Facebook’s CSO, Alex Stamos, wrote on Twitter in July that it’s “time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.” Google also has stopped automatically playing some Flash content in Chrome (PC World).

Our Analysis

Adobe Flash Player is very vulnerable and is being targeted daily. The fact that the company needs to release numerous emergency “zero-day” patches on top of a monthly patch suggests that Adobe can’t keep up with the exploits. Some advocates, such as Neurogadget, believe that Adobe Flash Player should reach end-of-life and that websites should begin using HTML5. YouTube made the switch in January 2015, and others have followed or will follow suit. Recorded Future also suggests uninstalling Adobe Flash Player.

If your company decides that it still needs Adobe Flash Player, then ensure the installed version is kept up to date and that any emergency patches are installed. Some sites still require Adobe Flash Player, so completely uninstalling it may not be feasible.

Other vulnerabilities reported by Recorded Future included Microsoft Internet Explorer and Microsoft Silverlight. If you use these as well, then keep them up to date. HTML5 could replace Microsoft Silverlight, and multiple browsers, such as Mozilla Firefox and Google Chrome, are available to replace Microsoft Internet Explorer.

Here are our other stories about Flash:

Nail in the Coffin

Exploit of Choice

References

PC World
Recorded Future
Neurogadget
ARC
Computer World



About Scott Entsminger

Scott Entsminger was born and raised in Virginia. He graduated from Radford University with a Bachelor of Science in Criminal Justice. Scott has worked for the Department of Defense since graduating college. He is an expert in Windows Administration, with specific experience in Group Policy and vulnerability remediation. He also has specific experience in Information Assurance (IA) and Cyber Security.

Scott holds the CompTIA Security+ certification. He is always looking to diversify his skillset. Scott is an avid sports fan, particularly baseball. He also is an avid gamer and enjoys learning different skills involving his PC.