In the latest Flash Player update, Adobe noted that one of the patched vulnerabilities was being exploited in targeted attacks. While keeping the browser technology up-to-date may feel like a thankless task, the cycle of Flash-based attacks and patches may soon be over. Security researchers predict that by early 2017, exploit kits will no longer be able to rely on outdated versions of Flash Player to infect end users.
Exploit kits take advantage of outdated software vulnerabilities in popular applications such as Microsoft Word, Java, and Flash Player in order to take control of systems. Flash vulnerabilities are the “lowest hanging fruit” for prominent exploit kits such as Angler and Nuclear to target in order to get that initial foothold on end user machines, Sean Sullivan, a security adviser with F-Secure Labs, said in the F-Secure Threat Report 2015. Once they are on the system, the kits download additional malware and execute commands to carry out the attack goals. Flash may be the “last ‘best’ plugin” for exploits to target, but as Flash usage continues to decline, exploit kits will find it harder to find unpatched versions to target.
To read this article in full or to leave a comment, please click here