Ten Top Exploits Of 2016 Exist Via Adobe Flash Or Microsoft Products

I am no fan of Adobe Flash because of how insecure it is. And a report from On The Wire illustrates this fact perfectly. Six of the top ten exploits in 2016 leveraged bugs in Flash:

Six of the top 10 most-frequently targeted vulnerabilities in the last year were in Flash, while the other four were in Microsoft products, including IE, Windows, and Silverlight. Flash has been a favorite target for attackers for a long time, for two main reasons: it’s deployed on hundreds of millions of machines, and it has plenty of vulnerabilities. Recorded Future’s analysis shows that trend is continuing, and one Flash bug disclosed October 2015 was incorporated into seven individual exploit kits. The flaw was used by a number of high-level attackers, including some APT groups.

Flash gets targeted because 95% of potential victims are running the same Flash plugin with the same vulnerabilities. And because HTML5 hasn’t yet completely taken over, one may have no alternative other than to run Flash to see the content that they want. It also gets targeted because Adobe for whatever reason cannot properly secure it and hackers know that. Thus the only way to really protect yourself is to dump Adobe Flash.

As for the fact that Microsoft products are the other four exploit vectors, here are my thoughts on that:

  1. Silverlight, which was meant to be a competitor to Flash, is basically a dead product as Microsoft no longer supports it. If you still have it on your system, you should really remove it. Trust me, you won’t be missing anything by not having it on your system, except for the odd exploit, which isn’t a bad thing.
  2. If you use IE (Internet Explorer), you should, if possible, move to another browser such as Edge for Windows 10, Chrome or Firefox. If you can’t, the best defense is to make sure your Windows systems are always fully patched, as patches for IE are always part of Windows patches.
  3. If you run Windows, the best defense is to make sure your Windows systems are always fully patched.

If you do all of that, you can likely sleep somewhat better at night.

 
