Flash Used In Massive Attack Via Yahoo Ads
Here’s yet another reason to keep Adobe Flash off your systems. There’s word of a massive attack that started on July 28th via the Yahoo Ads network that leveraged vulnerabilities in Adobe Flash. Here are the details via The New York Times:
The scheme, which Yahoo shut down on Monday, worked like this: A group of hackers bought ads across the Internet giant’s sports, news and finance sites. When a computer — in this case, one running Windows — visited a Yahoo site, it downloaded malware code.
From there, the malware hunted for an out-of-date version of Adobe Flash, which it could use to commandeer the computer — either holding it for ransom until the hackers were paid off or discreetly directing its browser to websites that paid the hackers for traffic.
That alone proves that if you must run Flash, it needs to be up to date. But there have been many, many zero-day Flash exploits that can affect any version of Flash, so running the latest version of this rather insecure plugin won’t do you any good. Punting it from your system is likely the best bet to keep yourself safe.
Oh, I have a message for Adobe. Please kill Flash. NOW. It isn’t safe and you can’t make it safe. Thus it’s best for all of us if you kill it off and move on.
August 4, 2015 at 4:41 pm
That’s scary. So many sites still use Flash these days that it’s tough to get rid of on one’s computer without losing functionality. Would it be safer to keep Flash installed on a VM for the times when it’s needed and remove it entirely from the main system?
August 4, 2015 at 9:25 pm
I have a copy of Chrome that I use Flash in should I need it. Plus I have it installed in all my Windows virtual machines for the same reason. But 90% of the time or more, you simply don’t need it. I did a five-part series called “Bye Bye Flash” and I found that I could live without Flash for the most part. Try it and you’ll see. Going cold turkey isn’t hard.
🙂