Tag Archives: Adobe Flash

I haven’t missed it – The first week without Adobe Flash Player

4 July 2015

In last week’s post I raised the question of whether it might not be useful to solve the endless problems with Flash Player once and for all by just deactivating this add-on.

I haven’t missed Flash Player on my iPad II so far. Regarding usage at home, my expectations were clear: the world would not change dramatically. But I had no idea what would change at work. Is Flash Player often used as an add-on in business applications or on the company intranet?

On Monday morning I started a self-experiment and deactivated Flash Player on my company PC.

Now it’s time to draw a first summary: My expectations were clearly exceeded. Deactivating Flash Player has absolutely no impact on my daily work. I found only one intranet site where Flash Player was used.

I will continue this experiment for some weeks. My feeling is that Flash Player can be disabled with little or no impact on business. Moreover, it is important to design new sites and applications without using Flash videos.

If you manage to do without Flash Player, the attack surface of your system, as well as the effort for patching, will be reduced dramatically.

Happy 4th of July!

Adobe releases next emergency Flash zero-day patch

27 June 2015

Adobe Flash Player is a real source of irritation. New vulnerabilities are continuously made public. In the last three months, 64 vulnerabilities were published in the NIST NVD database, 43 of them with the highest severity of 10.0.

The exploit for the latest vulnerability, CVE-2015-3113, which potentially allows an attacker to take control of an affected system, is a technically advanced piece of malware. For technical details see the FireEye blog post ‘Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign’.

As usual, the attack starts with a phishing email. Once the attackers have gained access to the victim’s network, they move laterally through it in search of valuable information.

This gives us the first and second lines of defense in a prevention strategy: user awareness training to help users recognize such attacks, and system isolation to prevent the attackers from moving laterally through the network.

Perhaps it’s time to solve this problem once and for all by uninstalling Flash Player…

Have a good weekend.