Many of you have probably already heard that Adobe Flash has been compromised several times in this last year but according to an article by Chris Smith of BGR, “Hackers are already more than aware of the software’s security issues and are happy to exploit them for various malicious purposes. That’s exactly what happened in late July when hackers used Flash to infect Yahoo websites with malware in what has been described as one of the largest ‘malvertising’ attacks seen in the recent months.”. The security company that discovered the attack, Malwarebytes, had the following to say,
“Right now, the bad guys are really enjoying this. Flash for them was a godsend.”
While Yahoo neglected to mention the number of website visitors affected they stated that, “We take all potential security threats seriously. With that said, the scale of the attack was grossly misrepresented in initial media reports, and we continue to investigate the issue.” There are ways to mitigate the vulnerability like upgrading to the latest version of Adobe Flash but our recommendation is to completely disable it! More and more we are seeing legitimate websites getting hacked through Flash and 0-day vulnerabilities so it no longer becomes a matter of safe user behavior. No matter how safe of an internet surfer you may be, if you have flash enabled you are leaving yourself vulnerable to attacks.
If you are using chrome you can disable flash by:
1) Opening a new tab
2) In that new tab type, “chrome:plugins” and hit enter
3) Find Adobe Flash Player in the list, and click disable.
If you are using Internet explorer you can disable flash by:
1) Once in IE click the tools button, then click manage add-ons
2) Under Show, click all add-ons, and find Adobe Flash Player
3) Click disable.
If you are using Firefox you can disable flash by:
1) Click the menu button in the upper right hand corner and select addons
2) Then click on plugins and find, “Shockwave flash”
3) Use the drop down and configure this plugin to, “ask to activate”.
In Windows 10 new Edge browser you can disable flash by:
1) While in Edge click the menu button in the upper right hand corner and click settings
2) At the bottom of the settings menu click, “View Advanced Settings”
3) Then make sure the option for, “Use Adobe Flash Player” is marked as, “Off”