• Adobe Flash, IE, Windows, Silverlight top exploit kit targets in 2016

    #19914

    According to Kelly Jackson Higgins at Dark Reading, a newly published study by security firm Recorded Future says that Adobe Flash Player provided six
    [See the full post at: Adobe Flash, IE, Windows, Silverlight top exploit kit targets in 2016]

    • #19915

      Java failed to make the list?? I find that hard to believe . . . either there is a major hole in the study, or something incredulously unexpected happened in the last year.

    • #19916

      Good point.

    • #19917

      Couple of interesting links, definitely Req. reading. Interesting to note Edge didn't seem to make it in there. The “School project” (loved that desc. ch100 could well be a keeper) may have some merit after all.
      Flash & Silverlight have been on the avoid list for my old Win7X86 mainly due to space and performance Req. and don't have a Cam, so that was comforting. However over on the X64 side of things hmmm not so sure, may well be time to explore other options or omissions. Hopefully the Defenders “up to snuff.” I pity those Windoze refugees looking for solace in pastures Apple & Linux the “crime as a Service” developments don't bode too well. Hmmmmm now where I have heard that “as service before?” Well the folks at M$ are innovative if nothing else they have influenced the Vocabulary of “exploit crewz” the world over. 🙂

    • #19918

      The computers are first meant to be used and at the same time to be as secure as possible.
      Edge is not quite usable and as such not in use so much, so there is an appearance of security for that reason. Doesn’t make sense?

    • #19919

      Yep, makes sense to me, but I hope they don't abandon IE11 (despite its faults & vulnerabilities), as Edge seems a work in progress to me.

    • #19920

      The Flash vulnerability mentioned in the Dark Reading article is old…applies to versions 18.x through 18.0.0.252 and 19.x through 19.0.0.207 on Windows.

      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7645

      The current version of Flash is 23.0.0.207.

      Keeping software updated seems like the way to go.

    • #19921

      Yep – and it bolsters my contention that you’re OK waiting a few weeks to apply updates. Although I have to say in the same breath that Flash should be avoided at all costs.

    • #19922

      Woody Quote: [Although I have to say in the same breath that Flash should be avoided at all costs.]

      I Googled [How to avoid it] and 1st article stated Uninstalled Flash is hardly noticed in many cases. Is it either / or? Uninstall or use? Short of UNinstall, HOW do you “Avoid” it?
      Thanks as always.

    • #19923

      Uninstall. Then drive a wooden stake through its heart.

    • #19924

      In Internet Explorer, you can go into Tools – Manage Add-ons, show All add-ons, and Disable Shockwave Flash Object.

      I also suggest configuring the Internet Zone so that Add-ons in general won’t run, but that’s a separate issue from just disabling Flash.

      -Noel

    • #19925

      Java has made much more progress than Flash. Oracle also clearly stated that they will kill browser plugin support in Java version 9. In version 8 (current) you can also turn off the Java plugin in the Java options; you don't have to rely on your browser settings.

    • #19926

      Note: Java also has “ask to access” default settings for cameras etc. The same can’t be said about Flash.

    • #19927

      Believe me, Java is still a royal mess security-wise. I’ll leave my list at two items. They intentionally run outside the browser’s sandbox. The 64-bit version doesn’t have a working updater.

    • #19928

      FYI, this doesn’t work with Java since it just executes outside the browser sandbox.
