Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 2 MINUTES AGO.
You are here: Home / Computing / Flash Zero-Days: Why So Many Lately?
Flash Player Zero-Day Vulnerabilities: Why So Many Lately?
Flash Player Zero-Day Vulnerabilities: Why So Many Lately?
By Shirley Siluk / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
FEBRUARY
06
2015
Even for the vulnerability-troubled Adobe Flash Player, the emergence of multiple Flash zero-days over just a few weeks is unusual, according to a cybersecurity expert. Adobe has reported and issued updates for three zero-day exploits since January.

"It's an odd case," said Karl Sigler, threat intelligence manager for the Chicago-based cybersecurity firm Trustwave. "We haven't seen it before."

While there "could be different things behind it," Sigler said, he added that he suspects the quick succession of zero-days suggests the same perpetrators have been responsible for all three recent exploits.

'A Lot of Redirection'

The recent zero-days launched infections automatically through advertising malware delivered unknowingly through legitimate Web sites. For example, one Flash exploit tracked by researchers at Trend Micro was traced to ads on the popular video-sharing site Dailymotion.

Delivered through the until-now little-noticed Hanjuan Exploit Kit, the latest Flash zero-day "uses a lot of redirection" but is based on a relatively simple set of codes, Sigler told us. While other exploit kits such as Angler feature "extensive logic," the Hanjuan kit is both simpler and "more targeted," he said.

Adobe on Thursday released a number of security updates aimed at the recent zero-days. The vulnerabilities have affected Mac, Linux and Windows (8.1 and earlier) systems running the Internet Explorer or Firefox browsers. They work by redirecting users to a series of URLs until they eventually land on a malicious site where the exploit is hosted. After arriving there, the exploit "could potentially allow an attacker to take control of the affected system," Adobe warned.

Use Gateway Protection and Network Monitoring

Beyond ensuring their systems' anti-malware protections are up to date, users can protect themselves against such attacks in several ways, Sigler said. All the major browsers, for example, offer plug-ins that can control how Flash is deployed on a system. Trustwave also has a secure browsing plug-in that supports a wide range of operating systems, browsers and protocols.

Businesses -- which face special security challenges as a growing number of employees bring their own devices in to work -- can also use Web and anti-malware gateways to block access to online exploit kits and malvertising, Sigler said. Furthermore, he added, "You need to make sure you have excellent network monitoring."

The recent zero-day issues are yet another indication that the days of Flash may be numbered, Sigler added. More sites are now using HTML5 instead of Flash, although the reason for that is more likely often the native support for HTML5 on mobile devices rather than security, he said. YouTube recently announced its default video player would be HTML5 rather than Flash-based.

"Flash doesn't have a very good history from a zero-day perspective," Sigler said. "The tradeoff is becoming a little harder to swallow."

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN COMPUTING

NETWORK SECURITY SPOTLIGHT
A security researcher has found that hundreds of different models of HP notebooks, tablets, and other devices include a keylogger that could track and record every keystroke a user makes.

CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.