Skip to main content

Adobe Flash Player reaches end-of-life

"What now? My farm is no longer working. Can you have a look, honey?"

Like millions of other people my wife likes to play online browser games. You know, the ones that don't require a fast connection because your virtual life is not in constant danger, and an occasional harvest is enough to make progress in the game.

So, when her browser refused to open her virtual farm, and there were many, many other users like her, this caused some turmoil in the community. Especially when some of the developers acted as if it came as a surprise and took their time to decide what to do next.

Some developers took their games to another platform

Facebook and some other social platforms used to host a ton of these games and what most had in common is that they were using Adobe Flash Player for their animations. Flash let web designers and animators deliver animated content that could be downloaded relatively quickly.

But as of last month, the major browsers have stopped supporting Adobe Flash Player after Adobe itself announced to stop support as of the 31st of December 2020. Specifically, Adobe announced years ago that it will stop updating and distributing Flash Player.

What caused this end of life?

Adobe Flash Player has seen more than its fair share of exploits and vulnerabilities. Arguably, it's because the software was so popular that it made for an attractive target, but since it was based on a 1996 release it may have become impossible to keep on patching it. Developers are changing to HTML5, and other options, to produce new content.

Advice for Flash users

Home users should uninstall Adobe Flash Player as it will no longer receive any security updates. The general feeling among security professionals is that it will not take long before unpatched vulnerabilities will be exploited in the wild. In some cases, simply having Adobe Flash Player installed is all it takes to compromise your system. So, if there are no legitimate use-cases left, don't run the risk of having it installed. Adobe has instructions for removing Flash on Windows and Mac computers on its website.

It could be a different scenario for business users, as some companies may still be using Adobe Flash Player for internal use. As it stands, it will become increasingly difficult to maintain this situation since Adobe will prevent Flash Player from displaying content from 12 January 2021.

If your site is reliant on the plugin for developing or playing content, it's high time to consider a revamp of your website content. Adobe has some options for its customers who were taken by surprise.

Expected cybercrime abuse

We've seen fake Flash Player updates for years, which are in reality bundlers that sometimes include the actual latest version of Flash but might just as easily include older versions or no version of Flash at all. We suspect these will continue to show up. They might even become more popular as people have no way of finding legitimate versions and updates.

Fake Flash Player update notice

You may also see malicious campaigns promoting alternatives for playing Flash content, which could in reality install any kind of malware or potentially unwanted program.

And there may be some exploit kits that will take it upon themselves to incorporate all the latest vulnerabilities in their setup to victimize those that still have Adobe Flash Player installed.

End-of-life

End-of-life (EOL) is an expression commonly used by software vendors to indicate that a product or version of a product has reached the end of usefulness in the eyes of the vendor. Many companies, including Microsoft, announce the EOL dates for their products far in advance. Adobe announced this EOL in 2017, so most developers should have been aware. Many will be sad to see it go and some will be glad to point it to the door. Our advice will be the same as always.

Stay safe, everyone!

The post Adobe Flash Player reaches end-of-life appeared first on Malwarebytes Labs.



from Malwarebytes Labs full article here

Popular posts from this blog

Mobile Security Framework (MobSF) - An All-In-One Mobile Application Security Assessment Framework

Mobile Security Framework (MobSF) is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. MobSF support mobile app binaries (APK, IPA & APPX) along with zipped source code and provides REST APIs for seamless integration with your CI/CD or DevSecOps pipeline.The Dynamic Analyzer helps you to perform runtime security assessment and interactive instrumented testing. Screenshots: Static Analysis - Android Static Analysis - iOS Dynamic Analysis - Android APK Web API Viewer Requirements: Mac: Install Git Install Python 3.6 - 3.7 (3.8 is not supported) macOS Catalina users must uninstall existing python3 and install the one from Python.org . After installation, go to /Applications/Python 3.7/ and run Install Certificates.command and Update Shell Profile.command Install JDK 8+ ...
Read more

BlackArch Linux - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based penetration testing distribution for penetration testers and security researchers. It contains over 1800 security and hacking tools. Here is the complete list of tools in the BlackArch Linux: 0d1n : Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. 0trace :  A hop enumeration tool. 3proxy : Tiny free proxy server. 3proxy-win32 : Tiny free proxy server. 42zip : Recursive Zip archive bomb. a2sv : Auto Scanning to SSL Vulnerability. abcd : ActionScript ByteCode Disassembler. acccheck : A password dictionary attack tool that targets windows authentication via the SMB protocol. ace : Automated Corporate Enumerator. A simple yet powerful VoIP Corporate Directory enumeration tool that mimics the behavior of an IP Phone in order to download the name and extension entries that a given phone can display on its screen interface ad-ldap-enum : A LDAP based Active Directory user and grou...
Read more

How a VPN can protect your online privacy

Have you ever experienced the feeling of relief that comes when you do something silly, but you're glad you did it where people don't know you? Or maybe you wished you were somewhere like that, but alas… That is what a Virtual Private Network ( VPN ) can do for you: it can put you in a place where you are unknown. To determine if and when you need a VPN, you must define what your goal is. If your main goal is to improve your privacy online, then a VPN is one of the possible solutions. Privacy is a right that is yours to value and defend. If you don't fall into the categories of people who say "I have nothing to hide" or "they already know everything about me" then you may care enough about your privacy to use a VPN. For the latest Malwarebytes Labs reader survey we asked "Do you use a VPN?" 2,330 responded and an impressive 36 percent said they now used a VPN. For perspective, ten years ago, only 1.5 percent of Americans used VPNs. So...
Read more