Read Time: 2 Minutes
Adobe Flash is a popular plug-in that many websites use to host video content. It became quite popular in the early 2000s as a way of playing videos or streaming them online, but security researchers now say that it’s become more of a security liability, which has led to calls for Adobe to kill Flash.
Flash vulnerabilities were recently thrust in the limelight after a zero-day exploit used by the Italy-based surveillance company Hacking Team was stolen in a recent attack, resulting in its proliferation in exploits kits used by criminals. According to F-Secure Labs’ detection statistics from June 25, 2015 to July 14, 2015, detections of Flash exploits from exploit kits increased by 82% in the days following the attack. Researchers are attributing this increase to the adoption of the zero-day exploit stolen in the hack, as well as the subsequent discovery of two additional zero-day exploits. Consequentially, security researchers are becoming more vocal in their criticism of Flash’s security flaws.
Criminals using exploit kits typically target insecure software that’s widely used, and Flash has given them an easy target for at least the past seven or eight months,” said F-Secure Senior Researcher Timo Hirvonen. “Newer technologies are available and becoming more popular anyway, so it would really be worth the effort to just speed up the adoption of newer, more secure technologies, and stop using Flash completely.”
Businesses Need to Better Manage Flash-Based Risks
Exploit kits are sets of tools that criminals use to create crimeware campaigns, and largely attempt to infect computers with malware that exploits vulnerabilities in software. Exploit kits have historically been proficient at exploiting vulnerabilities in Java and older versions of Microsoft Windows, but exploits targeting Flash have become more prominent in 2015.
According to F-Secure Security Advisor Sean Sullivan, businesses need to pay closer attention to how employees expose themselves to online threats by carelessly browsing the web. “I characterize Flash as a low-hanging fruit because it’s become such a popular target for opportunistic attacks,” he said. “Businesses need to be proactive about protecting their employees from this threat. F-Secure’s software is able to detect these exploits, and products like Software Updater ensure Flash and similar applications are promptly patched as soon as new vulnerabilities are discovered.”