Adobe’s Flash Player has had a bad press in recent years due to the numerous security flaws in its design and these problems remain a major issue.
While we frequently worry about the dangers of malware and ransomware, we seem to have forgotten about the security vulnerabilities that are present in software we use every day. Flash has been exposed as having major security flaws in the last few years, so there’s been a tendency to migrate towards HTML5 code which is similar to Flash and much more secure. However, many people still use Flash online, so it’s likely that your organization will come into contact with it on a regular basis.
Understanding how to combat vulnerabilities in Flash is essential for your organization’s security, so let’s try and get a better understanding of Flash’s latest security crisis.
Flash Hits the Headlines Again
On the same day that Adobe released their latest patch for Flash, an independent security expert revealed that they had identified a glaring vulnerability in the software. This security flaw – given the unwieldy name of CVE-2018-15981 – is a curious software bug that has the potential to execute a malicious code through an instance of Flash hosted on a malicious website. Versions of Flash affected are all those up to version 31.0.0.148 and could affect the following browsers: Firefox, Chrome, Edge and Internet Explorer.
Combating Flash Vulnerabilities
The most recent version of Flash (31.0.0.153) is more than safe to use in terms of this recently discovered vulnerability, but the question remains as to whether more vulnerabilities are lurking within it. So, how do you combat the security flaws presented by Flash?
Many browsers, such as Chrome, Firefox and Edge, now insist that users have to manually activate Flash each and every time it’s encountered, but confidence tricks can easily be employed by hackers to disguise this. Flash, of course, is being discontinued at the end of 2020, so many people are simply disabling the software. With only a small minority of websites still using Flash, the loss of productivity from disabling it are considered minimal due to the alternative solutions on offer such as HTML5.
However, many organizations rely on Flash-based websites to complete essential tasks such as online customer portals etc. In these cases, the importance of monitoring crucial software updates and acting on these immediately should be a priority for all IT teams. Many businesses have been caught out on countless occasions due to a lack of care when it comes to installing patches and software updates. While this latest vulnerability does not appear to have been exploited by hackers, it could have easily led to severe data breaches and a drop in productivity for any organization affected.
Final Thoughts
Flash has been present within the landscape of the internet for over 20 years, but it almost feels as though Adobe have barely concentrated on it for the last few years. As a result, Flash has received nothing but negative feedback due to the security flaws present. Naturally, with just two years left in its lifespan, these issues will soon become irrelevant, but for now it’s vital that you regularly install updates or, where possible, disable it.
For more ways to secure and optimize your business technology, contact your local IT professionals.
