Last week the Hacking Team, an Italian security firm which sells spy software to government organisations around the world was hacked. Over 400GB was released including information on two Flash vulnerabilities. One of the Flash vulnerabilities had been known for some time and it makes you wonder if there are more Adobe Flash security issues that we don’t know about?
The first security issue (CVE-2015-5119) which is seen as critical by Adobe affects all Windows, Linux and Mac machines running Adobe Flash Player has had a patch released for it. Adobe has stated “Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system,” A hole on a line of code in Adobe Flash could be used to take control of any affected computer in order to expose any information or files stored on the computer.
The second security issue is a zero-day vulnerability in Adobe Flash and Adobe stated “This vulnerability was reported to us following further investigation of the data published after the Hacking Team data breach,” Adobe said the flaw is present in the latest version of Flash for Windows, Mac and Linux systems, and that code showing attackers how to exploit this flaw is already available online and that they will be releasing a patch this week.
The two vulnerabilities have helped Firefox and Facebook who have come out against Flash. Firefox users will now not be able to use Flash by default and will not be able to until Adobe patches the security bugs and updates the plugin.
Flash content that will be affected include videos and adverts a well as web tools used to upload images.
Facebook’s head of security Alex Stamos, has called for Flash to be killed off. Stamos has asked Adobe to issue a decommissioning date for Flash so that we can all move away from it. Stamos said “Nobody takes the time to rewrite their tools and upgrade to HTML5 because they expect Flash to live forever. We need a date to drive it,”
Microsoft’s Silverlight is also seen as an alternative to Flash and HTML5 with video streaming services, including Sky TV and Netflix using it, but has been rejected by browsers including Google’s Chrome, forcing others to use HTML5.
Let us know what you think? Is Flash dead and do you prefer HTML5 or Silverlight?