Adobe Flash Player has become known as one of the top programs with serious security issues. In fact, online security experts have found out that most of the vulnerabilities that were discovered in 2016 belonged to Adobe. This is definitely troubling since many people are still using the program and are not fully aware of the risks they are facing.
Adobe is doing its best to catch up with these vulnerabilities and provide users with the best possible solutions. Here are some of the top Flash Player security vulnerabilities (based on a Recorded Future report that tracked vulnerabilities from November 2015 to November 2016) as well as the fixes that Adobe has provided:
This vulnerability affected Adobe Flash Player 18.104.22.168 as well as earlier versions, and it had impacted users on Linux, Macintosh, Windows, and Chrome OS. If it was successfully exploited, it could cause computers to crash and allow hackers to remotely control the system.
Recorded Future ranked CVE-2016-1019 as the top vulnerability for Adobe Flash Player in 2016 in terms of references. This means that, among Flash Player vulnerabilities, it had the highest number of references that linked it to an exploit kit. It had 690 references, which made it second only to CVE-2016-0189, an Internet Explorer vulnerability that had 718 references and gained the number one spot as the top vulnerability of 2016. CVE-2016-1019 was used in three exploit kits, namely Magnitude, Neutrino, and Nuclear Pack.
Adobe released a security patch to fix CVE-2016-1019 in April 7, 2016.
This vulnerability affected those who were using Adobe Flash Player 22.214.171.124 and earlier versions on Linux, Windows, Macintosh, and Chrome OS. Like CVE-2016-1019, it could cause a crash and give hackers access to the affected system if it was successfully exploited.
CVE-2016-4117 ranked third in Recorded Future’s report since it got 554 references. It was used in four exploit kits, namely Angler, Magnitude, Neutrino, and RIG.
To counter this threat, Adobe released Flash Player version 126.96.36.199 in May 12 2016. This update provided security fixes for CVE-2016-4117 as well as many other vulnerabilities.
This vulnerability is almost two years old, yet it’s one of the security threats that experts will definitely remember because of its impact.
CVE-2015-7645 affected Adobe Flash Player 188.8.131.52 and earlier versions that ran on Windows, Linux, and Macintosh users. Just like with other vulnerabilities, it could cause computer crashes and give hackers remote access to affected systems.
CVE-2015-7645 ranked tenth in Recorded Future’s report. It didn’t have as many references as the others (it had only 70), but what made it stand out was that it was used in seven exploit kits: Angler, Hunter, RIG, Neutrino, Spartan, Magnitude, and Nuclear Pack. This means that it had a wider reach and higher chances of affecting users.
Adobe acknowledged the existence of CVE-2015-7645 in October 14, 2015, and released an update to patch it up in October 16.
These are just some of the top vulnerabilities for Adobe Flash Player. There have been many other security threats discovered over the years, and tech experts will surely find more in the future. To ensure you’ll stay safe when using Flash Player, download the latest version as soon as it comes out and get your updates from the official Adobe download page only.