SecureMac, Inc.

Adobe Issues Zero-Day Exploit Patch for New Flash Vulnerability

November 11, 2016

Once an undeniable staple and even a trendsetting application across the web, Adobe Flash no longer enjoys the widespread popularity it once did. This shift of power is due in part to the rise of HTML5 video support across the Internet. Being more stable and secure, HTML5 offers a superior alternative to Flash. The deprecation of many Flash only websites also ensures that the web is easier to browse and more mobile friendly. Nonetheless, there are still some sites which require Adobe Flash to function properly. We advise users still …

Adobe Issues Zero-Day Exploit Patch for New Flash Vulnerability

Once an undeniable staple and even a trendsetting application across the web, Adobe Flash no longer enjoys the widespread popularity it once did. This shift of power is due in part to the rise of HTML5 video support across the Internet. Being more stable and secure, HTML5 offers a superior alternative to Flash. The deprecation of many Flash only websites also ensures that the web is easier to browse and more mobile friendly. Nonetheless, there are still some sites which require Adobe Flash to function properly. We advise users still employing Flash to take note of a recent crucial security patch deployed by Adobe recently.

This patch, issued in early October, corrects a zero-day exploit through which a hacker could infect a user’s machine with a malicious Flash file. By manipulating Flash, the hacker could then run additional arbitrary code on your computer and eventually gain total control over the system. Worst of all, hackers could silently exploit this loophole, making it almost undetectable for users. The exploit primarily affects Windows machines; however, Adobe issued updates for all platforms out of an abundance of caution. Considering this quite critical flaw, it’s worth reconsidering whether you should maintain a Flash installation.

For its part, Apple continues to make a concerted effort to reduce the potential for Flash exploits on the Mac platform. The company’s refusal to support Flash on iOS was once a source of conflict. Now, however, it seems it was a wise move. Even on the desktop, Apple strongly discourages users from accessing Flash content. When browsing in Safari, any sites featuring Flash content will first trigger a warning. You must now opt-in to use Flash content. With the small number of web pages that still require Flash to function, consider removing the add-on altogether.

Normally, staying on top of updates is an excellent form of protection. The frequency with which Flash zero-day exploits appear, however, makes it a risky piece of software to use. Its age is a liability as well; the technology of the Internet has advanced far beyond what it was when Flash was most popular. Even if you continually patch Flash as Adobe releases updates, you may still be unknowingly vulnerable. The fact that Safari asks users to opt-in to viewing Flash content is telling in its own right. If you must continue to use Flash for whatever reason, be vigilant about monitoring security news and updates from Adobe.