Tuesday, 10 February 2015

Zero Day Security Threats - a Big Issue for Adobe Flash Player so far in 2015

Whilst the New Year is supposed to symbolise a fresh start and better things to come, not all businesses have been so lucky. We’re only just over a month into 2015 and Adobe has already experienced numerous zero day exploits, which are causing significant problems for computer users.

Despite implementing a disciplined security regime after the trend of zero day Flash exploits in 2009, the company’s Flash Player has been hit by multiple zero day threats, with the latest being publicly disclosed by the company in a bulletin released on 2nd February 2015. The latest vulnerability is identified as CVE-2015-0313 and is currently present in Adobe Flash Player 16.0.0.296 and older versions.

In its advisory bulletin to users, Adobe has warned that successful exploitation could result in users’ systems crashing and potentially allow an attacker to take control of an affected system. It has also said that the majority of exploitation is taking place via drive-by-download attacks on systems running Internet Explorer and Firefox on Windows 8.1 and below.

So far it has been reported that the drive-by-downloads are being served through ads on the likes of dailymotion.com, theblaze.com, nydailynews.com, tagged.com and webmail.earthlink.net. Although the vulnerability was only disclosed by Adobe this week, it’s thought that the exploits have been active since 3rd December 2014.

Back in 2014, it was Microsoft’s Internet Explorer browser that was exploit writers’ main target. However, after releasing a number of security updates, Microsoft were able to successfully put a stop to the technique that exploit writers had been using. After that there was a quiet, exploit-free period, but it turns out that exploit writers were simply looking for their next target and that, unsurprisingly, was Adobe Flash Player.

Since Flash has a similar attack surface to IE, and exploit writers were already using the software to carry out IE exploits, all they had to do was start looking for bugs in Flash and continue using the same techniques they were using last year.

Why is Flash so vulnerable to attacks?

Although tech experts don’t see these issues as being a fundamental insecurity in Flash, it’s fair to say that the technology doesn’t exactly have a great track record for being secure. Cyber criminals tend to pick applications that are widely used and known for a poor security history, making the Adobe Flash Player a prime candidate.

One of the reasons why Flash is so vulnerable to attacks is its age. Every time the software is updated, numerous security holes are added, which end up being patched along the way. Unfortunately though, it is these security holes that criminals are able to target and exploit. If you feel at all vulnerable, we advise calling us here at Grant McGregor to discuss a strategy to protect yourself from these Adobe zero day threats.

What can Adobe Flash Player users do?

Although the attacks target Windows users running Flash in Internet Explorer and Firefox, the underlying CVE-2015-0313 is also said to be present in Flash for Macs and Linux.

Adobe has already begun distributing a fix to Flash Player users who have opted in to receive automatic updates. For those who haven’t, it is recommended that you disable Flash for now, or at least use it in Google Chrome (as it has the best anti-exploit protections).

Enabling the click-to-play feature in your browser will prevent plugin-based content like Flash from running automatically without your consent. Keeping your antivirus software up to date will also help, as Adobe shares exploit samples with most security vendors so that they are able to detect them with signatures.
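For anyone looking after more than one machine, the first job is finding which ones still run 16.0.0.296 or older. The script below is an added example, not part of Adobe's bulletin or the original post: it assumes a CSV inventory with hypothetical `host` and `flash_version` columns, and the sample rows are constructed.

```python
import csv
import io
import re

# Highest affected release named in the post: "16.0.0.296 and older versions".
LAST_AFFECTED = (16, 0, 0, 296)


def parse_version(text):
    """Turn '16.0.0.296' or '16,0,0,296' into a tuple of ints; None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(?:[.,]\d+){3}", text):
        return None
    return tuple(int(part) for part in re.split(r"[.,]", text))


def is_affected(version_text):
    """True if the version is at or below the last affected release.

    Versions are compared as numbers, field by field: as plain strings,
    '9.0.124.0' would sort above '16.0.0.296' and be wrongly cleared.
    Unparseable values count as affected so that someone checks the host.
    """
    version = parse_version(version_text)
    return version is None or version <= LAST_AFFECTED


def audit(inventory_csv):
    """Return (host, version) pairs that still need the update or Flash disabled."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return [(row["host"], row["flash_version"])
            for row in reader if is_affected(row["flash_version"])]


# Constructed sample inventory (hypothetical hosts and versions, not data from the post).
SAMPLE = """host,flash_version
ws-001,16.0.0.296
ws-002,9.0.124.0
ws-003,"16,0,0,296"
ws-004,16.0.0.999
ws-005,unknown
"""

if __name__ == "__main__":
    for host, version in audit(SAMPLE):
        print(f"{host}: Flash {version} needs updating or disabling")
```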

 

For more information about how to keep your IT system secure, feel free to get in touch with Grant McGregor.

Image source: https://farm8.staticflickr.com/7529/15921569186_0392f01293.jpg

Image credit: perspec_photo88