The latest round of Adobe Flash vulnerabilities proves once again it is time to disable or remove Adobe Flash from all your devices where possible. The news continues to be filled with new zero-day vulnerabilities associated with this product. The latest leak from the Hacking Team has illustrated that hackers aren't only targeting known vulnerabilities in Flash, but are finding new ones at a rapid pace. The risk and the burden of trying to protect against the threats targeting this product have made it not worth the effort.
In 2015 alone there have been one hundred and thirty two Adobe Flash vulnerabilities published in the National Vulnerability Database to-date. That is a rate of twenty per month. Moreover, within as little as four days these new vulnerabilities are being added to some of the most well-known exploit kits and used in directed attacks. The reason is Adobe's security teams can't produce patches at the rate that the vulnerabilities can be exploited. Hackers know this and are taking advantage.
Steve Jobs wrote an open letter in April 2010 explaining why he wouldn’t let Flash anywhere near Apple’s mobile products. He highlighted concerns over openness, security, and impact on battery life. He was right. Maverick covered the need to eliminate Flash from your online diet less than a year ago, citing similar security issues. HTML 5 is a sound, albeit still young, replacement for Flash and was Jobs’ solution to the Flash risk five years ago.
So what should be done?
First recommendation, remove it from your PCs and mobile devices. Next, disable it by browser. Instructions for the four major browsers are here:
Chrome: Go to chrome://plugins in your search bar. Scroll down to Adobe Flash Player. Click Disable.
Safari: Go to Safari > Preferences. Click Security. Click Manage Website Settings. Click Adobe Flash Player. Go to the When visiting other websites dropdown and click Block.
Firefox: Go to the hamburger icon in the upper righthand corner. Click Add-ons. Go to the lefthand column and click Plugins. Go to the dropdown next to Shockwave Flash and select Never Activate.
Internet Explorer: Go to the gear icon in the upper righthand corner. Click Internet options. Click Programs. Click Manage add-ons. Click Shockwave Flash Client. In the lower righthand corner, click Disable.
Adobe makes many fine products, but Flash is not one of them. It was acquired from Macromedia years ago and has not stood the test of time for the evolution of Internet security. Its time has come. Remove Flash and eliminate the headaches and risks associated with trying to protect your data and devices from it. As always, if you have any questions or require further assistance, contact your personal Maverick cyber-security concierge.