Less than a year ago, Adobe experienced a barrage of criticism by the IT community due to a number of security flaws in its popular multimedia software and internet plugin. Over the course of a few weeks in July of 2015, 3 different zero-day vulnerabilities were discovered in Adobe Flash. A zero-day vulnerability is a security flaw in a piece of software code that has no patch or fix. How did this happen? An Italian IT company known as the Hacking Team was ironically hacked and one savvy computer hacker got his or her hands on 400 GB of data, data which included detailed information on security exploits in Flash. Even after Adobe released a patch for one vulnerability, two additional vulnerabilities were discovered shortly thereafter.
It hasn’t even been a full year since that event, and Adobe Flash is in trouble again. On March 31 of this year, attack campaigns began against Adobe Flash that worked on exploiting a zero-day flaw in the Windows version of Flash which would then install ransomware. Flash for Mac OS, Linux, and ChromeOS are also at risk.
What Is Ransomware?
Ransomware are nasty versions of malware that lock a user out of their system. Through a variety of methods, Ransomware restricts access to an infected computer and demands that the user pay ransom in order to regain access to their computer. Some ransomware programs will lock for freeze a user’s computer screen and will display a ransom message. Other, more advanced types of ransomware will actually encrypt all of a person’s data, and it is very hard to decrypt the information without having to pay the malware provider in order to get the encryption key.
What Should You Do?
With major security vulnerabilities in Adobe Flash, what should you do to protect your business from attack? The two best options are to either delete your Adobe Flash Plugin or update to the latest version of Flash.
Deleting Your Adobe Flash Plugin
Some security experts are suggesting you delete your Flash plugin all altogether. Although Flash was the leader in multi-media on the internet a few years ago, many major websites have moved away from using Flash – largely in part due to its history of security issues. For example, YouTube started out as a video site running Flash. Now, all of YouTube runs on HTML5. As users are able to view a lot more content on the web without the need for a Flash plugin, users can feel comfortable enough deleting their Flash plugins.
Updating to the Latest Version of Flash
If you have to use Flash, or you are required to visit or manage websites that utilize the Flash plugin, update to the latest version of Adobe Flash. According to the Adobe website:
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
The newest version of Adobe Flash was released on April 12, 2016 and can be downloaded here: https://get.adobe.com/flashplayer