This week saw a new Adobe Flash security vulnerability discovered. This is the fourth major security vulnerability to be found in Adobe Flash software so far this year.
The latest security risk with Adobe Flash was uncovered by FireEye Intelligence, and it could be one of the most serious threats uncovered to date. The vulnerability can be exploited by hackers and used to browse PCs and computer networks for protected data that can be stolen.
Adobe has been alerted to the security risk and a patch has been developed to tackle the problem, which is currently being rolled out. Unfortunately roll-outs can take some time. Users are also required to initiate the update and download the new version of the software. Since manual action is required to update the software there is considerable potential for some networked computers to be missed.
A Particularly Dangerous Adobe Flash Security Vulnerability
Hackers can exploit the Adobe Flash security vulnerability by using a modified image file. Once a target host has been infected, hackers then dump credentials and move laterally to other host machines. Malicious software and backdoors can be installed allowing hackers to return to the system whenever they choose. Unfortunately, once access has been gained it can be very difficult to identify that a data breach has occurred.
New security flaws are discovered on an almost daily basis, many of which have yet to be fully exploited by hackers. This Adobe security vulnerability is different. It would appear that hackers are already using it to break into computer systems and steal corporate data. According to FireEye, “a Chinese hacking collective known as APT3 is already exploiting the vulnerability by sending phishing emails to companies in the engineering, telecommunication and aerospace industries.”
FireEye alerted Adobe to the security flaw, and since the risk of attack was perceived to be particularly high, a warning was issued to all users of the software to update to the latest version. Since the vulnerability is currently being exploited – and hackers are able to gain access through the Magnitude exploit kit – any computer that has not yet been updated represents a serious security risk.
IT departments are advised to conduct an audit to identify computers and servers that have not yet been updated as a matter of urgency. Software updates should then be performed as soon as possible to keep networks secure.
Adobe Flash a Major Security Worry
Adobe Flash contains a number of security flaws and new zero-day malware is being developed to exploit vulnerabilities. The software architecture is complex and the program is particularly vulnerable to attack. #
The best defense against hackers is to ensure that the software is set to update automatically. Since vulnerabilities are often exploited by re-directing users to websites infected with malware, and popup windows are a preferred method of delivery of malware, these should be blocked on all healthcare PCs. It is also important to change the configuration of the software so that it does not run automatically.
Adobe has admitted that the software is a concern, and that it cannot hope to find all of the Adobe Flash security vulnerabilities that exist in time to prevent hackers from exploiting them. Because of this the software company has made the decision to issue a call for help, and is asking users to check the software for vulnerabilities. This will allow Adobe to concentrate on developing patches and should result in faster security updates.