Adobe Flash Player Issues Offer Endpoint Lessons

Tuesday, April 12, 2016

Amir Geri


The recent vulnerabilities found in Adobe’s Flash Player have forced the company to issue security patches yet again. This comes as no surprise to most, since Flash Player is notorious for having bugs. Flash has been extremely vulnerable, and it has been exploited in many high-profile attacks via zero-days, as well as in commodity attacks leveraging popular exploit kits. Just last year, users had to uninstall Flash when a critical vulnerability was discovered.

Companies have taken it upon themselves to avoid running into Flash Player as much as possible. The Firefox browser blocks Flash by default, and Google Chrome introduced a setting that blocks Flash content from automatically playing, offering users a warning message before proceeding. Six years ago, Apple explained that Flash was too outdated to implement on iOS devices. Last December, even Adobe itself started encouraging content creators to build content using new Web standards such as HTML5. However, Adobe still has not mentioned anything about discontinuing Flash Player.

Another conservative approach some organizations take is to block Flash Player from automatically playing any content. With this approach, users need to approve each video before it plays, which prevents unknown videos from exploiting unresolved vulnerabilities. Sometimes the best way to avoid security issues is by not using an insecure program at all. However, this is an almost unrealistic approach, since most people have Flash Player installed. The majority of users will have to update their Flash Player to avoid becoming victims of these newly discovered vulnerabilities.

Adobe has warned that all users are vulnerable, no matter what OS they’re using (Windows, OS X, Android, Chrome OS, Mac, iOS, and Linux). Five of the vulnerabilities that this Adobe update fixed were critical, but only one vulnerability (CVE-2016-1010) was identified by Adobe as a zero-day flaw that hackers were already exploiting in targeted attacks. These vulnerabilities leave organizations open to major threats, since they allow hackers to execute their own code on affected systems.

Whether the decision is to uninstall Flash entirely or ensure that all updates have been completed across the enterprise, the challenge IT practitioners most often face is related to compliance. Getting entire enterprises to update or uninstall Flash in a timely fashion will be a challenging undertaking.

  • Better Monitoring: Companies need to identify unauthorized applications and validate that endpoints are not running any applications that could permit remote control access, key logging, file sharing or hacking tools. Note that Microsoft Windows updates validate that each endpoint is up to date with the latest Microsoft updates and, if not, which updates are missing.
  • Leverage Cloud-based Endpoint Protection: Cloud technologies can prove beneficial in identifying the risk of targeted attacks, simply because the cloud allows rapid sharing and rollout of detections and protections at scale. Cloud solutions are continuously updated to cover emerging threats, and are designed to grow with your business. Monitoring all the endpoints in your enterprise this way automates compliance with your cybersecurity policies.
  • Vulnerability Detection: Companies need a process in place to determine, on an ongoing basis, any and all vulnerabilities for common user applications such as Chrome, Firefox, and Java, in addition to Adobe. Endpoints are the most sensitive areas of your company’s network environment, which makes them a prime target for hackers.

As security threats continue to become more complex, companies need to embrace endpoint security as a critical part of their total security portfolio to protect against future gaps and vulnerabilities.


About the Author: Amir Geri handles research and development at Promisec, a pioneer in endpoint detection and remediation. 

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
