Adobe Flash: Major Security Flaw Found, Is It Time To Uninstall It?
Adobe Flash Player was found to have a major security flaw, which revealed sensitive documents leaked from the spyware maker Hacking Team.
Users of Windows, Linux, and OS X were advised to updated to the latest version of Adobe Flash, especially since the update is considered important for both OS X and Windows users. However, it comes with the CVE-2015-5119 bug, which is being used to infect unsuspecting users’ computers.
The Adobe Flash update patches 36 CVE-listed flaws, including the infamous Hacking Team’s CVE-2015-5119 bug. What is this bug? Once a user opens a malicious flash file, it can run malware on a user’s computer. The other 35 security flaws allows hackers to create remote-coded execution attacks on vulnerable computers.
Italy-based Hacking Team said that its computers were breached over the past weekend, and 400GB of sensitive data was released online. It was revealed through the documents that the firm not only works with the U.S. to spy on citizens, but also that it works with regimes like Sudan.
What should users do? Alternative solutions include uninstalling Adobe Flash or disabling the plugin, which is notorious for having security flaws. You can also set your web browser to run Flash files only if you right-click on them and select “run this plugin.”
Adobe immediately released a patch for the bug on Wednesday. This will protect the Adobe Flash Player on Linux, Macintosh, and Windows computers.
“These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit targeting CVE-2015-5119 has been publicly published.”
This comes weeks after the news when Adobe released another emergency patch for the Flash Player. Some have suggested that users would be better off deleting or disabling Flash Player without having to deal with the constant updates and security flaws.
This security flaw affected an Adobe font driver on Windows computers. Researchers found that 32-bit and 64-bit versions of Windows were affected from Windows XP through Windows 8.1. This flaw allowed attackers to change the privileges through the administrative level.
“We believe the overall risk for customers is limited, as this vulnerability could not, on its own, allow an adversary to take control of a machine. We encourage customers to apply the Adobe update and are working on a fix.”
Is it time to get rid of Adobe Flash for good? Special for the Republic Contributor says yes, unless you find it’s a need for your day-to-day computer activities.
“In my case, I found that Flash wasn’t a critical tool for my everyday use, so I’m willing to put up with the slight inconvenience of either temporarily enabling Flash in Chrome or flipping over to Firefox.
If you determine that having Flash active in your browser at all times is a necessity, you have to make sure you keep it updated regularly or risk becoming a victim as soon as the next exploit is discovered.”
Meanwhile, Owen Williams of the Next Web believes that Adobe Flash is horrible and that all users should move on from it. He says that users can uninstall it completely or disable it in Chrome if you still want to run Flash every so often.
“I’ve been flash-free for two months now and haven’t missed a beat. Uninstalling takes just a minute and is one of the best ways to protect yourself against a wide range of attacks.”
With all of these security flaws and constant updates on Adobe Flash, some users are considering doing without it altogether. What are your thoughts? Are you going to continue using Adobe Flash Player, or are you uninstalling it from your computer? Share your thoughts below in the comments section.
[Image: Adobe]