Flash a Top Attack Tool

Tuesday, November 10, 2015 @ 05:11 PM gHale

Adobe Systems’ Flash plugin is a favorite of bad guys, a new report said.

The report, conducted by Recorded Future, looked at over 100 exploit kits, which are frameworks planted in Web pages that automatically probe for software vulnerabilities when a user browses to a page.

Fixed Flash Zero Day in Exploit Kits
Adobe Mitigates Shockwave Holes
Emergency Flash Update Nabs Zero Day
Flash, Acrobat, Reader Holes Fixed

Those who develop exploit kits often end up hired by others to help distribute specific kinds of malware.

Of the top 10 vulnerabilities found in the exploit kits, eight of them targeted Adobe’s Flash plugin, used on millions of computers to play multimedia content, according to Recorded Future, a cybersecurity intelligence firm based in Somerville, MA.

To arrive at its conclusions, Recorded Future looked at software vulnerabilities known to see use in popular exploit kits such as Angler, Neutrino and Nuclear Pack as well as in cybercrime forums between January and September.

Echoing the conclusion of other security experts, Recorded Future said the findings call “into question Flash’s place in a secure operating environment.”

“While the role of Adobe Flash vulnerabilities as a regular in-road for criminals and malware should come as no surprise to information security professionals, the scale is significant,” the report said.

Adobe has been working for years to make Flash more secure through code reviews, but it appears to be a big task for the 20-year-old application.

Monthly patches almost always release from Adobe, and emergency patches come out for Zero Day flaws cybercriminals are actively using.

Click here to download the report.