Flash may be well on its way to extinction, but that doesn’t mean it can’t still inflict more damage before it goes. The famously vulnerable software is getting yet another emergency patch from parent company Adobe to protect users from a slew of exploits, at least one of which has already been observed in the wild and could allow an attacker to hijack a user’s system.
The vulnerabilities affect a number of different operating systems, including Windows, Macintosh, Linux, Android, iOS, and Chrome OS. The update includes patches for a variety of problems, five of which Adobe rated as “critical,” its highest priority ranking.
Critical vulnerabilities include those which, if exploited, would allow malicious native code to execute, potentially without the knowledge of a user, according to Adobe. Users can go to the Adobe Web site to verify which version of Flash Player they’re running and upgrade to the latest version.
The Long List of Security Flaws
As bad as that sounds, the alert is only one in a litany of warnings Adobe has had to issue regarding the faulty software. Late last year, the company issued a similar warning about another set of critical security problems with Flash.
A week before Adobe sounded that alarm, hackers had exploited a Flash vulnerability to attack the AOL Ad Network with a nasty bit of malvertising, online advertising that spreads malware. The attack affected popular Web sites such as the Huffington Post, GameZone and LA Weekly. Ads hosted on those sites from an AOL ad network redirected visitors to a site that exploited a Flash bug to download a Trojan onto users computers..
At least one of the vulnerabilities described in Adobe’s latest security alert is already “being used in limited, targeted attacks” by hackers in the wild, so users are encouraged to patch their systems as soon as possible, the company said.
Companies Moving to HTML 5
The tech industry finally appears to have had enough with the problematic program. Flash has always had its critics. For example, former Apple CEO Steve Jobs refused to allow Flash to run on iOS devices such as the iPad, citing security concerns.
But the tech world’s rejection of Flash, which once powered a sizable chunk of Web sites, has spread far beyond Apple. HTML 5, the latest version of the markup language that supports animation and video, has replaced it in a number of video services including YouTube, Netflix, and Vimeo.
Last year, Mozilla announced that its Firefox browser would block all versions of Flash by default due to security concerns. Facebook abandoned the technology in December, while Google recently said that it would shift its display ads from Flash to HTML 5.
The company seems to be aware of the bad reputation Flash has earned for itself as it recently renamed Adobe Flash Professional to Animate CC, perhaps hoping the name change would help shed some of the negative PR.
