Internet Explorer Security

8 of the 10 Top Security Flaws Used By Cyber-Criminals This Year Were Flash Bugs (recordedfuture.com) 66

An anonymous reader writes: Adobe Flash Player provided eight of the top 10 vulnerabilities used by exploit kits in 2015. Angler is currently the most popular exploit kit, regularly tied to malware including Cryptolocker. Vulnerabilities in Microsoft's Internet Explorer and Silverlight are also major targets. All of these are the conclusions of a Recorded Future report.
This discussion has been archived. No new comments can be posted.

  • by msimm ( 580077 ) on Tuesday November 10, 2015 @02:26AM (#50899053) Homepage
    I uninstalled Flash about 4 months ago. Guess what... the web still works. Even the questionable video sites I use work (or at least > 50%, which is enough). Sites that insist on requiring Flash in 2015 probably haven't been relevant since 2010. Sites that require wonky plugins had better be for work and get relegated to a Microsoft browser product I don't use for anything else.
  • by shocking ( 55189 ) on Tuesday November 10, 2015 @03:06AM (#50899161)

    Crying shame that you need it for consoles and the like.

    • If you've ever used VMware Server 2 you wouldn't be eager for their pure HTML interface. At least the Flash one works...
      • by shocking ( 55189 )

        I suspect that you are right - I just want to be able to administer stuff from an HTML5 browser running anywhere.

  • There are multiple platforms not using Flash. Look at Apple's iPad. By default no Flash on this device and still you can visit 99% of the websites (even video content). It's just the developers that need to turn their heads on it, and start using alternatives.
  • by nickweller ( 4108905 ) on Tuesday November 10, 2015 @06:04AM (#50899573)
    "8 of the 10 Top Security Flaws Used By Cyber-Criminals This Year Were Flash Bugs"

    Bugs in an application can only be exploited by defects in the underlying Operating System.
    • by Anonymous Coward

      That's the most ridiculous and unqualified statement on bugs I've ever read.

      What happens if an application allows for arbitrary code injection and execution due to a buffer overflow bug? Injected code could easily wipe all your user space files by using standard file io operations without ever doing anything that can be construed as exploiting defects in an underlying OS.

      Name one OS that can't be "exploited" in this fashion.

      • What happens if an application allows for arbitrary code injection and execution due to a buffer overflow bug? Injected code could easily wipe all your user space files by using standard file io operations without ever doing anything that can be construed as exploiting defects in an underlying OS.

        Not if the application is running under a separate user account, a jail, or some other containment facility of the operating system. Lack of such a facility is the defect. An application shouldn't be able to access a resource unless both the user has access to it and the user has delegated access to it to the particular application.

        Name one OS that can't be "exploited" in this fashion.

        Any GNU/Linux distribution with an AppArmor policy in effect. Or iOS on Apple devices. Or IOS on Nintendo Wii for that matter. Or Android, provided the APK doesn't have the SD fu

      • Name one OS that can't be "exploited" in this fashion.

        That is the point. All OSs suck. This simply should not happen. I am becoming more convinced it is intentional.

    • You are an idiot
  • by Big Hairy Ian ( 1155547 ) on Tuesday November 10, 2015 @07:17AM (#50899759)
    Flash isn't supported on iOS or Android anymore. It's only supported on Windows & Linux because they are not walled gardens. Can't speak for the Apple Mac but assume it's not supported or at least discouraged.
  • And engineering team member, Flash just can't die soon enough.
