Adobe Flash Player

Adobe Flash: 10 shades of vulnerabilities

The 205 vulnerabilities discovered in Adobe’s Flash software so far in 2016, are not all are created equal — but don’t wait to patch them.

Vulnerabilities are rated on a 0-10 scoring by CVSS Score, then this rating is colored green to red depending on the danger and specific risks they create for users. For Adobe Flash, the vulnerabilities have a definite redshift on the color spectrum. The latest vulnerability (CVE-2016-4117), allowing remote attackers to execute arbitrary code, was scored a perfect 10 and earned a bright red.

And it’s not just that one vulnerability. Overall, CVE Details has given Adobe Flash a weighted average of 9.4 for its accumulated 797 vulnerabilities, well above the 7.5 for Firebox Mozilla and Google Chrome.  Flash vulnerabilities are not uniformly red – but it’s close. Given the sheer number of these vulnerabilities and their severity, it’s no wonder that Flash is on its way out.

Flash vulnera

Flash into the picture

Flash is used in hundreds of millions PCs across the world as a format for games and web-site animations. Despite this, it is known for its heavy consumption of system resources and especially reviled for its security issues. And, even though Steve Jobs wrote a direct commentary criticizing Flash several years ago – and refused to allow it on his devices – he is dead, Flash is still around, and the transition to HTML5 is ever rolling slowly forward.

The CVE-2016-4117 vulnerability shows how security holes are exploited. An attack exploiting this vulnerability was spotted on May 8, 2016, by FireEye and the official patch to this zero-day threat came four days later from Adobe. Who knows how many computers were infected in the meantime.

Flash updates now

While some security experts recommend removing Flash entirely, it is still an intrinsic part of the internet experience for millions. For those unwilling to remove Flash, the security mantra remains “Patch, patch immediately, and patch often.”

Patching – for Flash and a growing group of other apps –  has just gotten easier with the newly released Avira Software Updater. This app takes care of hunting down news of updates and centralizes this into a single user-friendly location where downloads are just a click away. From there, all upgrades can be installed with a simple click.

No need to beat yourself with a keyboard looking for the latest update or sort out the multitude up update requests from the various apps on your PC. Get it in one place with the Avira Software Updater – painlessly.

This post is also available in: GermanFrenchItalian

As a PR Consultant and journalist, Frink has covered IT security issues for a number of security software firms, as well as provided reviews and insight on the beer and automotive industries (but usually not at the same time). Otherwise, he’s known for making a great bowl of popcorn and extraordinary messes in a kitchen.