Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Adobe Flash player security risks


  • Please log in to reply
12 replies to this topic

#1 Beel

Beel

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:02:15 PM

Posted 18 June 2016 - 10:16 AM

http://www.smh.com.au/technology/consumer-security/adobe-flash-player-just-got-patched-for-36-security-issues-probably-time-to-kill-it-20160617-gpl9a5.html

 

After reading this I went ahead a uninstalled adobe flash player from my W7 laptop.

Any suggestion where we go from here would be greatly appreciated.

Thanks in advance.



BC AdBot (Login to Remove)

 


#2 LiamP5

LiamP5

  • Members
  • 330 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New York City, New York, USA
  • Local time:09:15 PM

Posted 18 June 2016 - 10:35 AM

I am not sure whether it is a risks or not? I have adobe flash player from 2 yrs but i have not problem with it.
To achieve something first try
to get the knowledge about it.
Be happy, always try
for it
.......................Lets do it and learn from bleepingcomputer.com Never feel alone

#3 Beel

Beel
  • Topic Starter

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:02:15 PM

Posted 18 June 2016 - 11:09 AM

Thanks LiamP5 will give it another go as there is some thing I need to do and I need it. Good luck.



#4 frankp316

frankp316

  • Members
  • 2,677 posts
  • OFFLINE
  •  
  • Local time:12:15 AM

Posted 18 June 2016 - 11:10 AM

You should probably do nothing. As it says in the article, most major video sites have already switched to html and Chrome and Firefox also use html. There may be the odd site that still uses Flash. But they should switch to html shortly and Flash will eventually be phased out and rendered obsolete. Adobe doesn't need to do anything. It's being done for them.



#5 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:@localhost
  • Local time:12:15 AM

Posted 18 June 2016 - 11:22 AM

The risk comes for example, by landing on a malicious website that can take advantage of the frequent vulnerabilities found in Flash (browser plug-in) to download and install malware to your machine, all in the background with no input from you.

You dont have to visit a malicious website either you could get redirected to one. Even legit sites can host malicious ads until there realized and removed. Java also has a frequent patch cycle.

Removing both Flash and Java would reduce your browsers potential attack surface.

At the least keep them updated.

 


How Can I Reduce My Risk to Malware?


#6 Beel

Beel
  • Topic Starter

  • Members
  • 416 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Australia
  • Local time:02:15 PM

Posted 19 June 2016 - 11:35 AM

Okay thanks again for all your help & info here. I will staying with Adobe flash player. And not being a heavy internet user apart from news papers etc where I might look at a particular video on one of them at times and perhaps a video in an email one of my relations send me.

Touch wood I have been a Windows user since Windows 98 and have never had a problem with viruses or whatever. Don't venture into sights I know nothing about  :wink:



#7 JohnnyJammer

JohnnyJammer

  • Members
  • 1,120 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:03:15 PM

Posted 19 June 2016 - 05:07 PM

As Brian Krebs says, unless you need it get rid of it because its one if not the biggest vector for attacking a node.

What i find with email reports i get is they always try and redirect to a compromised site which then tries to use the AutoPlay feature in adobe flash to inject malicious code.

This is how a lot of malware and cryptoware is delivered to my users, generally through a word macro which pulls a .swf file or a VBS script trying to do the same.

When you scan the site using urlquery and read the HTTP requests you can see it trying to download a file, scan that full URL at virus total and bingo you see a malformed .swf file.

 

If you need it then disable auto play in adobe flash and it will prompt to load the flash applet.



#8 JasmineJasmine

JasmineJasmine

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:US
  • Local time:08:15 AM

Posted 20 June 2016 - 05:13 AM

But if you use Google Chrome, you are most likely using Google's Flash anyway :^)



#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,937 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:15 AM

Posted 21 June 2016 - 07:52 AM

Older versions of a lot of popular software such as Adobe (Acrobat Reader, Flash Player, Shockwave Player), Java, Windows Media Player, VLC Player, Web Browsers are vulnerable to exploits and should be kept updated. There are serious security issues with older versions which can increase the risk of system infection. Infections spread by malware writers and attackers exploiting unpatched security holes or vulnerabilities in older versions. Software applications are a favored target of malware writers who continue to exploit coding and design vulnerabilities with increasing aggressiveness.

Exploit kits are a type of malicious toolkit used to exploit security holes found in software applications...for the purpose of spreading malware. These kits come with pre-written exploit code and target users running insecure or outdated software applications on their computers.

Tools of the Trade: Exploit Kits


The majority of computers get infected from visiting a specially crafted webpage that exploits one or multiple software vulnerabilities. It could be by clicking a link within an email or simply browsing the net, and it happens silently without any user interaction whatsoever.

Web Exploits

The only thing that Adobe Flash threatens more than your privacy is your security. Flash has been riddled with exploitable vulnerabilities.


You don't need Adobe Shockwave and I recommend just uninstalling it.

 

 


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 FrostytheDragon

FrostytheDragon

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:12:15 AM

Posted 22 June 2016 - 09:46 PM

If you want to avoid being dropped into or redirected to a malicious web site get yourself an updated MVPs Hosts. http://winhelp2002.mvps.org/hosts.htm


Edited by FrostytheDragon, 22 June 2016 - 09:47 PM.


#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,937 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:15 AM

Posted 23 June 2016 - 05:51 AM

A MVP HOSTS file can help with prevention but it is not a cure all.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 FrostytheDragon

FrostytheDragon

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Canada
  • Local time:12:15 AM

Posted 23 June 2016 - 11:37 PM

Agreed. I didn't say it was a cure all. It can help and it's surprising how many new people don't know it.



#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,937 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:15 AM

Posted 24 June 2016 - 05:12 AM

Yea that kind of information is not found on Facebook.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users