Latest Bug for Adobe Flash the Nail in the Coffin?
Could the most recent bug spell death for Adobe Flash? Will Adobe Flash live to see 20? Version 20 that is. Well the only way to ensure your system is protected is to remove it. That is a sound indication of death. Adobe is planning on releasing a new version of Flash on October 16 according to the CVE-2015-7645. The vulnerability “if successfully exploited, ‘could cause a crash and potentially allow an attacker to take control of the affected system'” (Endgadget). Per BGR “every version of Adobe Flash Player on Windows, Mac and Linux is affected.”
Trend Micro warns of this vulnerability and has already developed some sample email subjects used to exploit the software and states that the Adobe Flash zero-day affects at least Adobe Flash Player versions 220.127.116.11 and 18.104.22.168. Examples include:
“Suicide car bomb targets NATO troop convoy Kabul”
“Syrian troops make gains as Putin defends air strikes”
“Israel launches airstrikes on targets in Gaza”
“Russia warns of response to reported US nuke buildup in Turkey, Europe”
“US military reports 75 US-trained rebels return Syria”
Most exploitation seems to be coming from a single source according to Raw Story. “The Pawn Storm group, which targets high-profile political targets in countries like the U.S., Russia, Ukraine and the U.K., has been linked to the Russian government, but without conclusive proof due to the technical difficultly of attribution in cyberattacks. ” The problem with tracking these attacks is the deletion of logs or spoofing of IP and/or MAC Addresses. This makes tracking the attackers steps near impossible.
This certainly creates chaos within the tech community. Adobe Flash is widely used and for streaming online programs and websites in a manner that does not particularly allow for a quick fix. Several protocol, software, and coding changes would have to occur to enable Flash’s true death.
Flash has long been seen by security researchers as a major security risk and most advise users to disable it altogether. However, despite its numerous issues, Flash persists and many popular websites, including HBO, Spotify and the BBC still require users to have Flash enabled for their desktop sites to work properly — giving hackers a big attack surface to compromise users.(Raw Story)
We tend to agree with CNET‘s sentiment: “Citing Flash’s poor track record with security, some researchers recommend Web users disable or remove the plug-in altogether.” This is consistent with minimizing a computer and/or organization’s software footprint. The less software installed, the fewer the opportunities attackers have in exploiting software. This is known as minimizing the attack surface. While minimizing the attack surface is not a 100% solution, it certainly helps, especially when combined with disabling unnecessary services, ports, and protocols and using strong passwords. Another vital step to take to head this exploit off at the proverbial pass is user awareness training. Train your users to look for the subject lines mentioned above and similar ones, they should be vigilant. We can help you with training here.
Uninstalling this software is the only way to protect your computer and your valuable data, and there are other, better, safer ways to enjoy content on the web. This site offers links to disable Flash in every web browser you have (Tech Insider).
Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
Be sure to subscribe to this blog and to our Podcast.
If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.