Adobe’s Flash Player – no stranger to security concerns – has recently been forced into issuing an emergency patch to protect its users from ransomware.
Despite the repeated horror stories of Flash Player’s buggy and easily exploited software, it’s still used on a regular basis by a huge number of people. That’s why any vulnerability which comes to light can have an impact on millions of systems.
This time, it’s that contemporary marvel of security scares known as ransomware which is making the headlines again. So, to keep your systems protected, let’s see what we can learn from Adobe’s latest debacle.
Adobe’s Zero-Day Flaw
The vulnerability at the center of Adobe’s woes is known as a zero day flaw, but what does this mean? A zero-day flaw refers to a software vulnerability which is completely new and unheard of. Due to its unexpected emergence, the team behind the software then, quite literally, has zero days to prepare a response.
And it’s this level of precarious defense which means zero-day flaws can spread like wildfire and cause absolute mayhem.
In this particular instance, Flash Player was discovered to contain a memory-corruption vulnerability which allowed hackers to hijack user’s systems. To take remote control of user’s systems, the hackers employed the use of the Magnitude exploit kit.
Using Magnitude, hackers were then able to download ransomware software – such as Locky and Cerber – onto user’s systems. This ransomware was then primed to encrypt personal files and demand a ransom to unlock these files.
All versions of Flash Player up to version 21.0.0.197 have been affected. And it’s not just limited to systems running Windows – Macs, Linux and ChromeOS are all vulnerable as well.
The Emergency Patch
The threat was first discovered when security experts Proofpoint were investigating recent changes made to the Magnitude exploit kit. Once the magnitude of Magnitude had been established, Proofpoint swiftly contacted Adobe who was quick to rush out an emergency patch.
Thankfully, for Adobe, they had previously built in an exploit mitigation technique into Flash Player version 21.0.0.182, so this minimized the malicious impact of this zero-day flaw. However, you would be surprised by the amount of users who don’t update their software when prompted. As a result, a significant number of systems were compromised.
Once the emergency patch had been released, Adobe was also quick to advise all its Flash Player users to upgrade to the latest version. This would, hopefully, minimize the risk of further exploitations on older versions of the software.
Is Adode Safe?
This is a question which seems to get asked on a daily basis at present. And unfortunately for Adobe, things do not look great.
Hackers are clearly targeting Flash Player now and Adobe seems helpless in protecting its product. The knock on result of all this negative publicity is that PC manufacturers, such as Windows, are going to question whether it makes sense to bundle Flash Player with their products.
The key piece of information to take away from this article is that you should ALWAYS ensure all your software is up to date. This ensures you have the best protection possible against any potential security flaws.
For more ways to secure and optimize your business technology, contact your local IT professionals.