Another month, another Flash vulnerability. This time, it’s designated as CVE-2016-4171 (details here: https://helpx.adobe.com/security/products/flash-player/apsa16-03.html). This is yet another critical vulnerability, identified by Kaspersky Labs. So far, this hack has been spotted in the wild, being used in limited, targeted attacks. If the attack succeeds, a hacker can crash your system, then take control over it when you reboot.
Kaspersky Labs researchers Ivanov and Raiu got wind of an APT (Advanced Persistent Threat) Group using the exploit in a series of attacks dubbed “Operation Daybreak.” The hackers’ end game is not known at this time, but the attacks are succeeding. Until Adobe releases the patch for this exploit, you’re better off simply uninstalling Flash from all computers and handheld devices that attach to your network.
In fact, given the long and growing list of critical security flaws that have been unveiled in recent months, a compelling business case can be made for simply moving away from Flash altogether. While it’s true that Flash is not the software most commonly exploited by the hacking community (that honor goes to Java, which is targeted in 14% of all hacking attacks, versus 4% for Flash), it’s also true that the sheer number of critical vulnerabilities in Flash makes it low-hanging fruit. Even a novice hacker with a limited tool set can breach your system.
Some of your business functions may rely on Flash, and if this is the case, the core question is: How important are they? Are those functions important enough to risk a breach over? If not, how quickly can you migrate away from Flash to something more secure?
All of these are critical questions, and if you’re not 100% certain of the answers, contact us today. One of our talented experts can assess your current situation and needs, and help you begin the process of migrating away from an application that is currently posing a direct threat to your bottom line.