Adobe Flash - Flash Client Security

Flash Client Security

Flash's security record has caused several security experts to recommend either not installing Flash or blocking it. US-CERT recommends blocking Flash using NoScript. Charlie Miller recommended "not to install Flash" at the computer security conference CanSecWest. As of November 3, 2012, Flash Player has over 200 CVE entries, 185 of which have been ranked with a high severity (leading to arbitrary code execution), and 46 ranked medium. In February 2010, Adobe officially apologized for not fixing a known vulnerability for over 1 year. In June 2010, Adobe announced a "critical vulnerability" in recent versions, saying there were reports that the vulnerability was being actively exploited in the wild against Adobe Flash Player as well as Adobe Reader and Acrobat. Later, in October 2010, Adobe announced another critical vulnerability, this time also affecting Android-based mobile devices. Android users have been advised to disable Flash or to enable it only on demand.

Symantec's Internet Security Threat Report states that a remote code execution flaw in Adobe Reader and Flash Player was the second most attacked vulnerability in 2009. The same report also recommends employing browser add-ons wherever possible to disable Adobe Flash Player when visiting untrusted sites. McAfee predicted that Adobe software, especially Reader and Flash, would be the primary target for attacks in 2010. Adobe applications had become, at least at some point, the most popular client-software targets for attackers during the last quarter of 2009. The Kaspersky Security Network published statistics for the third quarter of 2012 showing that 47.5% of its users were affected by one or more critical vulnerabilities. The report also highlighted that "Flash Player vulnerabilities enable cybercriminals to bypass security systems integrated into the application".
