Every time Adobe Flash Player releases an update, you know it comes with patches and bug fixes. Because recently, and what has been going on for a while, is that what used to be an important platform has now become a favorite channel for hackers to deliver virus and other forms of malicious attacks.
This resulted in Adobe Flash Player being removed from major search engines to protect users from attack, especially the unsuspecting ones. Today, you need to enable Flash so videos and other Flash-based media to play on certain websites. There’s also a campaign going on to have Flash Player replaced with HTML5. But why all the fuss?
You’ll have a better understanding of the reality of such security concerns if you get an idea of what the security vulnerabilities in Adobe Flash Player could do to your computer and network system, if and when it gets infected.
Arbitrary code execution
Most of the security vulnerabilities in Adobe Flash Player surrounds arbitrary code execution, which will allow an attacker to manually run arbitrary commands on an infected system. Different versions of the Flash Player has many exploitable areas, giving hackers many opportunities.
CVE-2017-3074, for example, affects versions 18.104.22.168 and earlier that has a Graphic class vulnerable to memory corruption. CVE-2017-3073 will cause the same problem, but the point of attack is delivered through exploitable use after free vulnerability. Other points of vulnerabilities in the same version include BitmapData class, ConvolutionFilter class, BlendMode class, and Advanced Video Coding engine.
Adobe Flash Player version 22.214.171.124, on the other hand, is affected by CVE-2017-3064, CVE-2017-3063, CVE-2017-3063, CVE-2017-3062, CVE-2017-3061, CVE-2017-3060, CVE-2017-3059, and CVE-2017-3058, all of which will result in arbitrary code execution when successfully executed.
Other versions suffer the same fate for the simple fact that Adobe Flash Player is widely used, and many programmers and website owners are still unwilling to use anything else. Even if Google Chrome and Firefox have already ended their support for Flash, many websites still rely on it to run multimedia features. Most of them don’t know how to quit the software app either.
The good news is Adobe continues to improve their security. In fact, there is so much focus on security that, sometimes, improvements on features and performance are overlooked. Then again, security patches matter more than performance improvements.
Bug fixes and security patches
Arbitrary code executions can be a major nightmare for anyone affected. It doesn’t even matter if you’re using Windows, Mac, or Linux because security vulnerabilities of Adobe Flash Player happen across the board. The best line of defense is to update Flash Player as soon as new versions are released. In fact, it is highly recommended that you enable automatic updates, so you don’t need to do it manually.
Doing so eliminates the risk of you failing to update promptly and making your computer vulnerable to attacks. If you use Adobe Flash Player on your mobile device, you should set them to update automatically as well.
It’s best to be ready for when Adobe Flash player addresses security vulnerabilities through software updates.