Operation Pawn Storm - Adobe Flash ExploitYesterday, 14 October 2015, antivirus company Trend Micro notified the world of yet another Flash exploit that is being used in the wild. This is the next in a series of security flaws in Adobe Flash that gets covered by the media after the Hacking Team hack earlier this year.

The problem with these Flash exploits is that it is just the tip of the iceberg. This particular exploit gets used by Operation Pawn Storm - a corporate and political cyber-espionage operation that has been widely covered in the media in recent months. For these groups, finding and abusing computer bugs is big business. So, there should be no doubt that these groups have various exploits at their disposal, perhaps even yet another (unknown) Adobe Flash exploit.

The problem that is Adobe Flash

So why do these hacking groups target Adobe Flash? The reasons are many:

  • Flash is installed on many computers both in the personal and enterprise world.
  • All the victim has to do is visit a web page and the Flash code will be executed.
  • Wide scale abuse of Flash bugs is relatively easy thanks to Flash banners.
  • Adobe Flash has a very poor update mechanism. Users only update after they encounter a problem.

As long as Adobe Flash is installed on such a large number of devices, more and more of these zero day exploits will be uncovered by antivirus companies. Most of them will not be published in the news, but they can still make many victims and cause a lot of damage.

We encourage everybody to consider the cost and impact of being targeted by an Adobe Flash exploit before deciding on what software they want to incorporate in their enterprise environment. There are alternatives available that make sure you do not have to deal with the problem that is Adobe Flash.

Topics: Adobe flash, adobe