A major fault threatens the security of computers using Flash Player. The program appears to be vulnerable to hackers and a new bug is to blame for that. Back in September 2016, Adobe patched one of their old weak spots, and now a variation of that bug is endangering your very own Windows credentials.
How hackers can take advantage of this flaw
Dutch security researcher Björn Ruytenberg pointed out in a blog post the vulnerable aspects of Adobe Flash Player. With a Flash file that makes requests to a remote server via HTTP or HTTPS anyone could bypass the security measures of the program. “By setting the HTTP Location header and an appropriate response code (eg 301, 302), this vulnerability can be used to redirect HTTP requests to a malicious SMB server,” Ruytenberg added.
The main goal of a hacker is to get his destructive code on your computer. According to David Emm, a security researcher at Kaspersky Lab, “This could be done in any of the usual ways that are used to do this – sending embedded a Flash object in an e-mail attachment, via drive-by download or using any other way of delivering the object to the computer. This would set up the attack, after which the infected object could exploit the vulnerability,”.
What can be done to protect your computer?
For now, the best strategy is to update Flash Player to the latest version. Applying the patch released by Adobe can be vital for your computer. Another solution can be giving up on Flash Player entirely, but that represents a more drastic alternative. “Organisations and individuals alike should regularly review what is installed on their systems and either update what they still need or remove what they don’t.” Emm added.