Flash Player Security Flaws Used in Most Exploit Kits, Security Research Shows



Flash Player continues to put computers across the world at risk due to its vulnerabilities and a new research conducted by RecordedFuture shows that cybercriminals are still looking for security flaws in Adobe’s solution to compromise computers.

A total of 6 of the top 10 vulnerabilities used by exploit kits this year impacted Adobe Flash Player, with just one security flaw being targeted by no less than seven exploits.

“[This is] the highest penetration level of our analyzed vulnerabilities likely because it was the first zero-day discovered after significant Adobe security changes,” the research shows.

Internet Explorer, Windows, and Silverlight also provided vulnerabilities that exploits were targeting, and security flaw CVE-2016-0189 found in Microsoft’s browser was one of the most exploited by cybercriminals.

Microsoft’s Internet Explorer was targeted by exploit kits such as Magnitude, Neutrino, RIG, and Sundown, while Flash Player flaws were being used by Angler, Magnitude, Neutrino, RIG, Nuclear Pack, and Spartan.

Windows, Linux, and macOS at risk

CVE-2015-7645 was of particular interest for exploit kit developers, as it impacted not only Windows, but also Mac and Linux systems, and the security firm says that it was targeted in a big number of kits.

“It can be used to take control of the affected system. Additionally, it was the first zero-day exploit discovered after Adobe introduced new security mitigations, and as such, it was quickly adopted as many other older exploits ceased working on machines with newer Flash versions. The vulnerability was also noted as being used by Pawn Storm (APT28, Fancy Bear), a Russian government-backed espionage group,” the research shows.

RecordedFuture says that all vulnerabilities that exist in these software solutions must be patched as soon as possible by bringing them fully up-to-date, and also recommends to “remove the affected software if it doesn’t impact key business processes.”

As for Internet Explorer users, the company says that it’s better to consider Chrome because of Google’s Project Zero’s attention to Flash Player vulnerabilities, but at the same time, Microsoft also promises to offer increased security with the new Edge browser available in Windows 10.

DjpVdER.jpg