Menu
No surprise here: Adobe's Flash is a hacker's favorite target

No surprise here: Adobe's Flash is a hacker's favorite target

A new study adds to already compelling evidence that Flash should be retired

Adobe Systems' Flash plugin gets no love from anyone in the security field these days. A new study released Monday shows just how much it is favored by cybercriminals to sneak their malware onto computers.

It looked at more than 100 exploit kits, which are frameworks planted in Web pages that automatically probe for software vulnerabilities when a user browses to a page.

Those who develop exploit kits are often hired by others to help distribute specific kinds of malware.

Of the top 10 vulnerabilities found in the exploit kits, eight of them were targeted at Adobe's Flash plugin, used on millions of computers to play multimedia content, according to Recorded Future, a cybersecurity intelligence firm based in Somerville, Massachusetts.

To arrive at its conclusions, Recorded Future looked at software vulnerabilities known to be used in popular exploit kits such as Angler, Neutrino and Nuclear Pack as well as in cybercrime forums between January and September.

Echoing the conclusion of many other security experts, Recorded Future said the findings call "into question Flash's place in a secure operating environment."

"While the role of Adobe Flash vulnerabilities as a regular in-road for criminals and malware should come as no surprise to information security professionals, the scale is significant," the report said.

Adobe has been working for years to make Flash more secure through code reviews, but it has proven to be a mighty task for an application that's nearly two decades old.

Monthly patches are almost always released by Adobe, and emergency patches come out for zero-day flaws that cybercriminals are actively using.

Apple founder Steve Jobs famously forbid the iPhone from running Flash. This year, other companies have taken steps to reduce the risk of zero-day Flash flaws.

Facebook's CSO, Alex Stamos, wrote on Twitter in July that it's "time for Adobe to announce the end-of-life date for Flash and to ask the browsers to set killbits on the same day."

In September, Google stopped automatically playing some extraneous Flash content on Web pages. The move was aimed at improving performance in the Chrome browser, but it also has security benefits.

Perhaps the most humorous campaign against the application is the "Occupy Flash" movement. The group advocates moving everything to HTML5, the latest specification of the Web's vernacular that has a host of multimedia capabilities.

Occupy Flash's manifesto reads in part: "It's time has passed. It's buggy. It crashes a lot. It's a fossil, left over from the era of closed standards and unilateral corporate control of web technology."


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags hackingsoftwarepluginAdobe. Flash

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments