Adobe Flash: Hacker’s Best Friend
Adobe Flash Player is the software most targeted by exploit kits. A new report by Recorded Future, posted by ARC, shows that eight of the top ten vulnerabilities targeted by exploit kits were in Adobe Flash Player. This isn’t much of a surprise, because Adobe Flash Player has always been a target. According to Computer World, “Monthly patches are almost always released by Adobe, and emergency patches come out for zero-day flaws that cybercriminals are actively using.”
Facebook’s CSO, Alex Stamos, wrote on Twitter in July that it’s “time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day.” Google also has stopped automatically playing some Flash content in Chrome (PC World).
Adobe Flash Player is very vulnerable and is being targeted daily. The fact that the company needs to release numerous emergency “zero-day” patches as well as a monthly patch suggests that Adobe can’t keep up with the exploits. Some advocates, such as Neurogadget, believe that Adobe Flash Player should reach end-of-life and that websites should begin using HTML5. YouTube made the switch in January 2015, and others have followed or will follow suit. Recorded Future also suggests uninstalling Adobe Flash Player.
If your company decides that it still needs Adobe Flash Player, then ensure the version is kept up to date and that any emergency patches are installed. Some sites still require Adobe Flash Player, so completely uninstalling it may not be feasible.
The other vulnerabilities reported by Recorded Future were in Microsoft Internet Explorer and Microsoft Silverlight. If you use these as well, keep them up to date. HTML5 could replace Microsoft Silverlight, and there are multiple browsers available, such as Mozilla Firefox and Google Chrome, to replace Microsoft Internet Explorer.