Scam of the day – October 16, 2015 – Yet another Adobe Flash security flaw discovered

by | Oct 16, 2015 | Scam of the day, Site Related

I have been writing about the security flaws in Adobe Flash for years and finally in July I advised everyone to disable Adobe Flash and use other video software.   Unfortunately, some popular websites including HBO and Spotify still require the use of Adobe Flash.  In an update on the continuing saga of the danger to all of us presented by continuing vulnerabilities in the  Adobe Flash browser plugin for watching videos, security company Trend Micro  has just discovered a new zero day exploit that is being used by hackers around the world targeting foreign affairs ministries.  However, it can be expected that this new security flaw will make its way to hackers with broader targets soon.  Adobe has been alerted to the flaw and is working on a patch.  When it is ready, I will let you know.  Meanwhile as I told you in July, Mozilla, the maker of the popular Firefox browser has blocked Adobe Flash from use on Firefox as a security protection to Firefox users.  This came just a day after Facebook’s head of security went on record saying that Adobe should stop making Flash because it is too flawed.  Flaws in Adobe Flash have been exploited by hackers and identity thieves against individuals, companies and government agencies including the U.S. State Department and the White House.  Problems with Adobe Flash are nothing new.  In 2010 Steve Jobs vociferously complained about its security and it has routinely been cited as being extremely vulnerable.  Despite security patch after security patch, new problems keep coming up.  It appears that just as companies retire certain programs when it is just too difficult to patch them, this may well be the time for Adobe to retire Flash and if it doesn’t, you should consider retiring it yourself and replacing it with another plugin that performs the same function, but is safer.

TIPS

Some alternative plugins you may wish to consider include  GNU Gnash, and Silverlight.  Silverlight can be downloaded free directly from the Microsoft at this link: https://www.microsoft.com/silverlight/ while GNU Gnash can be downloaded free at this link: http://www.gnu.org/software/gnash/

Meanwhile, even if you decide not to use an Adobe Flash alternative, it is important for everyone to remember not to click on links in emails or text messages until you have confirmed that they are legitimate.  Otherwise you risk downloading dangerous malware.