Flash alert: Time to disable popular plug-in


Stop us if you’ve heard this one before: It may be time to seriously consider blocking Adobe Flash for all your users. 

The popular plug-in has always had a sketchy reputation. But in the past week, three separate zero-day vulnerabilities have been found in Flash. All three had been actively exploited at the time the announcement was made.

While the first two have since been patched, the third vulnerability is currently still unpatched. The payloads delivered through these vulnerabilities range from adware to other malware that could infest your systems.

Discovery of the flaw

The flaws were discovered using exploit kits, cybercrime tools that scan your systems to determine which programs you’re using and, therefore, which could be most vulnerable to attack.

This is the first and most basic step many hackers will take in attacking systems – a sort of reconnaissance mission that shows where defenses are the weakest.

That Flash comes up time and again for these vulnerabilities is alarming. While it’s possible that some companies may need Flash for various web apps, it’s increasingly unlikely that’s the case. In most instances, it seems to have almost taken on the role of bloatware – programs that come with your systems but are otherwise useless.

Time to uninstall Flash?

Until another patch is released for the latest version, users are urged to disable Flash.

The safest course of action could be to uninstall the plug-in altogether. Doing so would lead to one fewer vector for attacks, and since mobile browsers haven’t supported the plug-in for years, it’s a pretty good indication it may not actually be worth the trouble of constantly patching and updating.

For those interested in learning how to block the plug-in, The Register has a primer:

In Chrome, go to Settings, click on the Advanced Settings link, click on Content Settings under Privacy, scroll down to Plugins, select “Click to play” and save.

In Safari, open Preferences, go to the Security tab, click on Website settings alongside Internet Plugins, select Adobe Flash, and alongside “When visiting other websites”, select “Ask” or “Block”. You can whitelist certain sites in the box above.

In Firefox, browse to about:config and click on the “I’ll be careful” button, and search for plugins.click_to_play. If it says “false” in the Value column, double click on it to change it to “true”. Then restart Firefox.
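For administrators who need to confirm the Firefox setting across many users rather than one browser at a time, the following added example (not from this article or The Register) audits Firefox profile directories for the plugins.click_to_play preference. It assumes the standard `user_pref("name", value);` line format of prefs.js and user.js; the function names and the sample profile names are hypothetical.

```python
import re, sys, tempfile
from pathlib import Path

PREF = "plugins.click_to_play"  # preference name quoted in the article
# Matches entries such as: user_pref("plugins.click_to_play", true);
PREF_LINE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def read_pref(text, name=PREF):
    """Return True/False for the last boolean assignment of `name`, None if unset."""
    value = None
    for line in text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) == name and m.group(2) in ("true", "false"):
            value = m.group(2) == "true"
    return value

def audit_profile(profile_dir):
    """Classify one profile; user.js is read after prefs.js, so it overrides it."""
    state = None
    for fname in ("prefs.js", "user.js"):
        path = Path(profile_dir) / fname
        if path.is_file():
            found = read_pref(path.read_text(encoding="utf-8", errors="replace"))
            state = found if found is not None else state
    if state is None:
        return "not set (browser default applies)"
    return "click-to-play on" if state else "click-to-play OFF"

def audit_profiles(root):
    """Audit every directory directly under `root` that contains a prefs.js."""
    return {p.parent.name: audit_profile(p.parent)
            for p in sorted(Path(root).glob("*/prefs.js"))}

if __name__ == "__main__":
    if len(sys.argv) > 1:            # path to a real Profiles directory
        report = audit_profiles(sys.argv[1])
    else:                            # constructed sample profiles, not real data
        with tempfile.TemporaryDirectory() as tmp:
            for name, line in (("a.default", 'user_pref("plugins.click_to_play", false);'),
                               ("b.kiosk", 'user_pref("plugins.click_to_play", true);'),
                               ("c.fresh", 'user_pref("browser.startup.page", 3);')):
                (Path(tmp) / name).mkdir()
                (Path(tmp) / name / "prefs.js").write_text(line + "\n")
            report = audit_profiles(tmp)
    for name, status in report.items():
        print(f"{name}: {status}")
```

A profile reported as "not set" has never had the preference changed, so the installed Firefox version's default decides whether Flash content runs without a click.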
