UPDATED 16:31 EST / MARCH 11 2016

NEWS

Adobe warns of yet another Flash vulnerability, exploits in the wild

It’s that time of the year again: Adobe Systems Inc. has released a new patch for Flash that fixes a newly discovered vulnerability. Internet users are urged to download and install the patch immediately. The patch notes cite that the “updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.”

Also, Adobe states that the company is aware of an exploit in the wild that “is being used in limited, targeted attacks.” So now is a good time to get it updated. The exploit in question hits flaw CVE-2016-1010, which is listed as a “integer overflow vulnerability” that can be used by attackers to run exploit code on a user’s computer.

Most users may have automatic updates already active, in which case no action may be needed; but it still might be wise to verify the current version of Flash and make certain it is up to date to stay safe.

The update (version 21.0.0.182) is considered a top priority for Windows, Mac, Android and ChromeOS. The patch closes 23 holes in the software.

How many nails must be put in Flash’s coffin?

Flash has been a problem for years now and in spite of its constant security issues and strong competitor in HTML5 it has been digging in its digital heels.

Mark Nunnikhoven, vice president of cloud research at Trend Micro, said to SC Magazine, “There have been 594 registered vulnerabilities since 2005 with 213 of them coming in 2015 with many rated critical.”

Last year, July 2015, infamous spyware vendor Hacking Team was hacked themselves and the group’s exploits leaked to the Internet. Amid those exploits appeared numerous zero-day hacks that affected Flash and this began a cascade of new discussion about ditching Flash for something safer and more secure.

Since then numerous sites on the Internet have begun to produce their own HTML5 replacements for ubiquitous Flash applications. Also July 2015, video game streaming site Twitch pushed out an HTML5/JavaScript video streaming app; then December 2015, Speedtest.net, the most common Internet speed testing site, publicly released an HTML5 beta of its client. Even earlier than these, in January 2015 YouTube began to push out HTML5 video playback.

Charts on W3Techs.com show a distinct historical decline in Flash being used on websites from March 2015 to March 2016, but it is still used by 9 percent of all websites (including Google.com and Mail.ru) down from 11.5 percent the same month last year.

Adobe’s response to this has been slow, however, and instead of entirely killing off the security problematic application language and plug-in the company has aimed to rebrand the project to Adobe Animate CC. The new suite replacing Flash was released last month. Also due to that 9 percent of websites and applications that have yet to ditch the software, Adobe has continued to support its Flash legacy and fix exploits.

photo credit: BSOD Stop c218 via photopin (license)

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU