Emergency update for Flash released by Adobe

Can we please live in a world where Flash becomes obsolete? Wasn’t that the whole point of iOS? Are there really websites out there that still use this broken and buggy web software? Apparently there are, or so it seems. Adobe has found and patched several zero-day exploits over the last couple of months, and they just announced that they’ve found and patched another one. Every time they do this, they have to release an “Emergency” update for Flash, which has to be installed. It’s getting a little tedious.

More Problems for Flash on the Mac

According to fireeye.com:

This threat actor clearly seeks out and compromises websites of organizations related to international security policy, defense topics, and other non-profit sociocultural issues. The actor either maintains persistence on these sites for extended periods of time or is able to re-compromise them periodically.

This actor also has early access to a number of zero-day exploits, including Flash and Java, and deploys a variety of malware families on compromised systems. Based on these and other observations, we conclude that this actor has the tradecraft abilities and resources to remain a credible threat in at least the mid-term.

The exploit affects all of the latest versions of the Flash plugin, including those in use on the Mac. It allowed hackers to execute malicious code by taking control of the virtual function table pointer object. Whatever that means.

Apple Was Smart

The good news here is that Macs don’t come with Flash installed automatically anymore. In order to get Flash, users have to go out and get it themselves. This will save a lot of computers. The problem with all of these “Emergency” patches is that non-technologically inclined people will either ignore the warning or get tired of the warnings that seem to come every few days. That could lead to a state of ambivalence, which would be bad for everyone.

If you’re running Flash, but don’t really use it all that much, the best thing you can do is get rid of it altogether. If you need Flash, then make sure you have auto-update turned on, so that you’re always up to date.

If you’re the tech support person for someone like your parents, you should help them avoid Flash at all costs, and if you can’t, make sure they are always up to date.

Conclusion

Hackers are never going to stop trying to ruin our computers and steal our money. The issue isn’t that Flash is terrible, or that it takes up every machine resource known to man, but that it is a hacker-magnet. It has so many holes in it you might as well call it a sponge.

Flash can’t die soon enough. Not only is HTML5 more reliable and more stable, it will also solve a lot of these zero-day exploits, which seem to pop up over and over again.

You can find more info on this exploit on Adobe’s security page.