Saturday, July 18, 2015

The Threat Posed By Adobe Flash

Threat of Adobe Flash
Not everyone is aware that Google and Mozilla will be dropping default support for Adobe Flash, citing the plug-in software’s newly discovered vulnerabilities to cyberattacks. These moves came only a few days after Facebook’s chief of security called for Adobe to set an "end of life" date for the oft-exploited 20-year-old platform.

This could be the reason why most web surfers are encountering on-screen messages asking for the user to update their system or use another application.

Adobe Flash is a software platform that runs video, animation, and games inside of Web pages. Flash was born at the dawn of the Web in 1996 and quickly became the standard for Web video, especially after a little startup called YouTube began using it in 2005. But now it’s largely obsolete, as most Web sites and apps use different technologies for the same purpose.

The Flash a problem is also the very thing that made Flash so popular — its ability to run complex scripts from websites users visit — can also be used for malicious purposes.

Computer scripts written in Flash can directly access the memory on the computer, which is just inviting attacks, or "exploits," says Chase Cunningham, a cyberthreat expert at security company FireHost. "Anytime a site is able to access your computer’s memory, it’s able to make changes on the local machine itself [your PC]. That’s when you run into exploits."

Flash has long been one of the biggest attack methods of choice for cybercrooks and spying governments, as security vulnerabilities turn up on an almost daily basis. Just this July 2015, Adobe put out security alerts and fixes for 38 vulnerabilities in Flash Player. A few days ago, it came out that a company called Hacking Team had been using previously unknown flaws in Flash to create spyware that it sold to oppressive governments in countries such as Sudan and Saudi Arabia.

Flash also uses up a lot of computing resources and can bog systems down. "We ... know firsthand that Flash is the number one reason Macs crash," wrote Steve Jobs in an Apple blog post from April 2010.

Everyone probably have Adobe Flash — especially those who are using a Windows PC, rely on an older browser, or were prompted by a Web site to install it.

In October 2010, Apple announced that it would no longer install Flash Player on its computers — including its Safari Web browser — although users could install it on their own if they wanted to.

The latest version of Mozilla Firefox launched with a block for Flash Player (though after an update by Adobe, Mozilla has re-enabled use of the plugin in its browser). Google’s Chrome browser comes with Flash, but it is disabled by default.

However, users may have installed or enabled Flash Player if a website prompted them to. "I would say probably 97 to 98 percent of systems out there have some version of Flash running on them," said Cunningham.

With regards to smartphones, chances are good that Flash is not installed.

Apple completely banned Flash from its mobile devices running the iOS operating system, such as the iPhone, iPad, and Apple Watch. Apple’s rejection of Flash helped spur Web and software developers to use other technologies for delivering video or animating games.

Google’s Android mobile software briefly supported Flash, but it was generally choppy and used up more battery than other formats. In 2012, Adobe dropped support for Android, and Flash has been absent since Android 4.1 (Jelly Bean), which came out that same year. (Adobe also dropped support for BlackBerry and Windows Phone.)

Adobe Flash is also not generally needed in computers. Most websites have switched over to another video format, called HTML 5. It’s the default on both YouTube and Vimeo, for example. So unless users need Flash for a specific site, it’s best to uninstall it or block it.

For Firefox, users should just type "about:addons" into the browser’s address bar, click Plugins on the left side of the page, scroll down to Shockwave Flash, then click the dropdown menu on the right and select Never Activate. With Firefox, users can also install a Web browser extension called NoScript, which blocks not only Flash but also other scripts that attackers can exploit, such as JavaScript.

No comments:

Post a Comment