Flash is common enough to be a prime target for malware. A new Adobe Flash exploit has been found allowing criminals to run malicious code.
Flash is susceptible to tampered files used to display multimedia, videos and animations while you are browsing the internet. This mainly affects desktops; however, it’s not an issue with servers since servers are less likely to have users on them browsing the internet.
Understanding the new Adobe Flash vulnerability
- Taking a closer look at the cause for infections spreading through Adobe Flash, the risk usually lies in binary browser vulnerability within the .SWF files, where it is dropped by an undisclosed iframe.
- Iframe is an inline frame. Back in the 90s, Microsoft came up with the idea for basic webpages to point to another page. This allowed a website to combine the content of its page with another. An iframe allows you to embed one site into another one seamlessly, with two different webpages displaying as one. Sounds like a great idea at the time, right?
- It initially worked very well for Internet Explorer. What wasn’t foreseen was malware authors exploiting these iframe features.
- This exploit affects only Internet Explorer users, which is why we urge everyone to use a more secure browser such as Firefox or Chrome.
What does this Malware vulnerability do?
- The injected iframe may have something subtly embedded such as a single pixel within the SWF file.
- It’s high risk to Internet Explorer Users, where the Iframe can identified by its negative absolute positioning and random number approach.
- The usual behaviour from these types of files will eventually take you to a currently black-listed blank domain.
- This, of course, could change at any time. It could pose as a spoof site, aiming to steal data or to install malware.
How to protect yourself
The solution is simple, stay on top of your Adobe Flash updates. This is very important, especially if you use your web browser to do online gaming, stream music, watch videos and animations, such as on YouTube, which nearly always uses Adobe Flash Player. By keeping updated with the latest Adobe updates, you’ll help to close down those vulnerabilities discussed above, and more.
It’s good news if your choice of browser is Google Chrome. Chrome automatically updates your browser to the latest version of Adobe Flash.
To learn how to update Adobe Flash, please see our article Here (https://www.ophtek.com/should-you-update-adobe-flash/)
Read More