Adobe Flash Player has become synonymous with constant security faults but this month the threat level has reached a sad new low. Adobe Systems issued a warning on Monday that hackers are exploiting a new vulnerability in Flash Player, the third such vulnerability in roughly a months’ time. The vulnerability allows for drive-by download attacks and targets users of Internet Explorer and Firefox.
The Flash Player exploit makes use of malvertisement attacks. Animated advertisements on websites often use Flash as their loading agent. Infection can happen instantly and without interaction from a user because advertisements are designed to load automatically. The exploit was originally discovered on the Dailymotion video sharing website, but it’s important to note that because it was part of the ad network itself, other websites may have been compromised.
Adobe released two Flash Player updates in the last two weeks but so far has not been able to address the latest vulnerability. The vulnerability itself grants an attacker the ability to make changes to your system and potentially take direct control of your computer. Security analysts from Trend Micro have already reported over 3,000 hits related to the exploit with at least one active attack site. If you have Flash installed at all (and you probably do), you should consider disabling it until Adobe is able to address the vulnerability.
Adobe Flash Player is clearly an application that is nearing its end of life. Already, major manufacturers such as Apple, have abandoned the app from many of their devices. Google has also recently abandoned Flash as the default video player for YouTube, opting instead for an integrated HTML5 video player. With the arrival of malware on mainstream websites and the increased awareness of browser vulnerabilities, it would not be surprising to see Flash abandoned entirely from the mainstream market. Given Adobe’s track record so far this year, the loss of Flash Player may not be such a bad thing.
– Richard Keene
IT Computer Support of New York
Webmaster and Lead Designer