Latest Adobe Flash vulnerability appears in exploit kits

Security experts ask: is it time to just cut Flash loose?

Adobe Flash hit with zero day vulnerability again

The latest zero-day vulnerability affecting Adobe's Flash Player has ended up in online exploit kits.

Many, many zero-day flaws exist for Flash Player, but the latest discovered by security firm FireEye, is already being used in Magnitude and Angler EK exploit kits, as discovered by threat researcher Kafeine of Malware Don't Need Coffee.

Advertisement - Article continues below

The bug AKA CVE-2015-3113 - has already been patched by Adobe, and the fix can be downloaded from the company's website, but users must act fast so they don't fall victim to hackers armed with the malware kits.

The latest in an increasingly long string of Flash Player security holes, the bug has already targeted Internet Explorer for Windows 7 and below, and Firefox for Windows XP, according to reports.

Adobe has designated its patch a high priority, but Linux is classified as a slightly lower risk.

However, flaws like this are becoming more and more common for Adobe Flash, and some security experts are suggesting that it would be wiser to simply ditch the software altogether.

Analyst Brian Krebs wrote in a blog post that "it might be worth considering whether you really need to keep Flash Player installed at all", stating that he barely missed it after foregoing the common plug-in for a month.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Mark James, security specialist at IT security firm ESET, called Adobe Flash "one of the most targeted apps for vulnerability". He added: "If you want to affect as many people as possible then you need an application that a lot of users use and Flash is one of them".

Security firm Bromium's Clinton Karr noted that this newest exploit "illustrates why internet content is so untrustworthy". He called it "a greenfield for hackers with no end in sight".

The consensus among the security community is that these patches should be deployed as soon as possible, but given the increasing frequency with which they are required, it seems like it may not be long before Adobe's Flash Player is a bigger risk than it is a benefit.

Featured Resources

The case for a marketing content hub

Transform your digital marketing to deliver customer expectations

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

IT faces new security challenges in the wake of COVID-19

Beat the crisis by learning how to secure your network

Download now
Advertisement

Recommended

Visit/security/phishing/355936/inky-announces-20m-series-b-funding-round
phishing

INKY announces $20M Series B funding round

4 Jun 2020
Visit/security/ransomware/355909/microsoft-issues-warning-about-new-ponyfinal-ransomware-attacks
ransomware

Microsoft issues warning about new PonyFinal ransomware attacks

3 Jun 2020
Visit/security/data-breaches/355908/amtrak-guest-reward-suffers-a-data-breach
data breaches

Amtrak Guest Reward suffers a data breach

3 Jun 2020
Visit/security/cyber-security/355903/brand-impersonation-and-form-based-attacks-are-rising
cyber security

Brand-impersonation and form-based attacks are rising

3 Jun 2020

Most Popular

Visit/operating-systems/ios/355935/apple-confirms-serious-bugs-in-ios-135
iOS

Apple confirms serious bugs in iOS 13.5

4 Jun 2020
Visit/mobile/5g/355911/the-uk-pivots-to-japan-for-5g-equipment
5G

The UK looks to Japan and South Korea for 5G equipment

4 Jun 2020
Visit/security/ransomware/355945/new-ransomware-uses-java-to-target-software-organisations
ransomware

Tycoon ransomware discovered using Java image files to target software firms

5 Jun 2020