More bad news for Flash-dependent websites
- By Amanda Ziadeh
- Nov 10, 2015
Recent threat analyses of more than 100 exploit kits and known vulnerabilities found Adobe Flash Player to be the most commonly exploited product. According to the report by Recorded Future, that software provided eight of the top 10 vulnerabilities used by exploit kits in 2015.
The exploit kits represent malware software or crimeware as a service. Users pay per installation of the malware, and push the exploitations through compromised sites or malicious third-party advertising. When victims load the web page or follow a bad link, the exploit code is launched and possibly downloaded.
Recorded Future analyzed 108 exploit kits from Jan. 1 to Sept. 30 of this year and found thousands of web references linking Adobe Flash Player vulnerabilities to an exploit kit. Angler was one of the most popular exploit kits, and the analysis of web sources highlighted Angler payloads like Cryptowall, AlphaCrypt, Necurs and Bedep malware.
The security concerns surrounding Flash are not new to government agencies, and influential web players like Amazon, Apple and Google Chrome have already stopped supporting certain Flash features. As GCN previously reported, however, Adobe Flash Player is still required by a surprising number of government web sites.
Amanda Ziadeh is a former reporter/producer for GCN.