Sponsored By

Adobe Flash: 6 Tips For Blocking Exploit KitsAdobe Flash: 6 Tips For Blocking Exploit Kits

While Adobe does a good job patching exploits, there are additional steps security staffs can take to hedge their bets.

Steve Zurier

May 31, 2016

7 Slides

There’s no rest for weary security managers and their teams of incident responders. A new report from NTT Group security company Solutionary found that Adobe Flash was by far the software most targeted by exploit kits in 2015.

An exploit kit is software that runs on web servers that targets vulnerabilities in client machines communicating with the server that then uploads malicious code on those clients.

Jon-Louis Heimerl, manager of Solutionary’s threat intelligence communication team, says that there was a steady increase in Adobe Flash exploit kits from 2012 to 2014, followed by a dramatic increase in 2015.

“There were 314 vulnerabilities identified in Adobe Flash in 2015, which represents a rate of one new vulnerability every 28 hours, and researchers have found 105 so far this year, for a rate of one new exploit every 33 hours,” Heimerl adds.

Heimerl explains that Flash now runs as a default on most computer systems and is supported across most modern operating systems, which makes it a prime target for bad threat actors.

For those looking to remove Adobe Flash from their systems, Heimerl recommends going to the adobe.com site and then find the search option on the upper right corner. Start typing “Flash uninstaller” and the page for the uninstaller will appear pretty quickly.

Going to the Adobe site is just as important for those who want to install Flash, he adds. “Don’t mess around with any page telling you to “install now,” just go directly to Adobe.com and get Flash from there on the lower right corner,” he explains.

Heimerl says while he personally does without Adobe Flash in many instances, it’s unrealistic to expect that most organizations will wean off such a popular program. Google recently announced it will no longer support Flash by default in Chrome, but they are the only company to make such an announcement. Here are six tips security managers can follow to reduce the risk of being the victim of an exploit kit:

About the Author(s)

Steve Zurier

Steve Zurier

Contributing Writer, Dark Reading

Steve Zurier has more than 30 years of journalism and publishing experience and has covered networking, security, and IT as a writer and editor since 1992. Steve is based in Columbia, Md.

See more from Steve Zurier
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Okta logo
Application Security
Okta Breach Widens to Affect 100% of Customer BaseOkta Breach Widens to Affect 100% of Customer Base
byBecky Bracken, Editor, Dark Reading
Nov 30, 2023
4 Min Read
Businesswoman with ponytail in black suit and businessman in black suit with laptop sit at office desk with stack of presents, look at laptop
Endpoint Security
10 Holiday Gifts for Stressed-Out Security Pros10 Holiday Gifts For Stressed-Out Security Pros
byEricka Chickowski, Contributing Writer
Nov 30, 2023
10 Slides
A row of brown cowboy boots in the su
Endpoint Security
Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCsCritical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs
byNathan Eddy, Contributing Writer
Dec 1, 2023
4 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events