Categories: Software

SOS: Adobe Gets Much-Needed Help from Security Experts Worldwide

It’s a well-known fact that Adobe Flash Player is one of the least secure web clients nowadays. Its vulnerabilities put users at risk of identity theft, ransomware and other malware infections, and many other online security hazards, and it’s one of the software that has the most zero days used in targeted attacks.

Because of this, Adobe has ramped up its efforts to patch up these vulnerabilities and provide better security to its users. A lot of people have appreciated this as it shows that Adobe is serious about improving its service and keeping Flash Player users safe (even though the product’s end of life is getting nearer).

However, it’s important to note that Adobe is not the only one who’s working on improving Flash Player — many other individuals and companies have worked hand in hand with Adobe to keep cyberattacks at bay and increase user safety. This isn’t really surprising since, despite its vulnerabilities, Adobe Flash Player is still widely popular around the globe With this large user base, a successful attack can affect thousands of people all world and wreak havoc on numerous institutions.

Who’s Helping?

If you take a look at Adobe’s Security Bulletins for its security updates, you’ll see that the company acknowledges the people and organizations who have helped spot the vulnerabilities that were patched in each update.

On the latest update (which was released on June 13, 2017), Adobe thanked Jihui Lu of Tencent KeenLab for spotting and reporting two vulnerabilities (CVE-2017-3079 and CVE-2017-3081) and Mateusz Jurczyk and Natalie Silvanovich of Google Project Zero for identifying three vulnerabilities (CVE-2017-3076, CVE-2017-3077 and CVE-2017-3078). CloverSec Labs’ bee13oy took the spot with four vulnerabilities (CVE-2017-3075, CVE-2017-3082, CVE-2017-3083, and CVE-2017-3084).

In the previous May 9 update, Lu had identified six of the vulnerabilities that the update had resolves, while Jurczyk and Silvanovich were credited for reporting CVE-2017-3068. The pair had also spotted two vulnerabilities (CVE-2017-3061 and CVE-2017-3064) that were covered by the April 11, 2017 Adobe Flash Player Update. Many of the vulnerabilities that were fixed during this update were identified by researchers who were working with the Zero Day Initiative by Trend Micro. These include CVE-2017-3063 (reported by Keen Team), CVE-2017-3062 (reported by Yuki Chen of 360 Vulcan Team), and CVE-2017-3058 (reported by bee13oy of CloverSec Labs).

Aside from Trend Micro’s Zero Day Initiative, the Chromium Vulnerability Rewards Program has also encouraged researchers to help identify Adobe vulnerabilities. Yuki Chen of 360 Vulcan Team, for instance, spotted CVE-2017-3001, CVE-2017-3002, and CVE-2017-3003 while working with the Chromium Vulnerability Rewards Program. These three vulnerabilities were fixed by the Flash Player Update that was released on March 14, 2017. For this update, Tao Yan of Palo Alto Networks reported the existence of CVE-2017-2997, CVE-2017-2998, and CVE-2017-2999, while Wang Chenyu and Wu Hongjun of Nanyang Technological University identified CVE-2017-3000.

What Does This Mean?

While the whole world is thankful that these vulnerabilities have been spotted, reported, and fixed, the fact is that Adobe doesn’t seem to have the manpower or equipment to identify security threats on its own. This can be dangerous since the list of vulnerabilities for Flash Player is still incredibly long, and it’s only a matter of time before an enterprising hacker uses one of them to do a widespread zero-day attack.

Thankfully, several organizations are here to the rescue. Search giant Google, who’s at the forefront for better online security, has lent its Project Zero team to help uncover vulnerabilities. The Zero Day Initiative and the Chromium Vulnerability Rewards Program, which both pay a certain amount to researchers who discover key vulnerabilities, are also pushing more people to look for security issues in Adobe Flash Player.

Disqus Comments Loading...

Recent Posts

Enjoy WhatsApp Nokia Asha While You Can With These Quick Tips

WhatsApp is available for download on Android, iPhone or even Windows Phone devices. You can go to the Google Play…

3 weeks ago

Google Earth Pro 7.3.1 New Business Features For The New 64-Bit

Google has upgraded one of its most appreciated software, Google Earth, and came up with a version that supports 64-bit…

7 months ago

How to Change your Update Settings for Adobe Flash Player

This article will show you how to change your update settings for Flash Player and select the most convenient one…

7 months ago

[Download] Google Play Store 8.4.40.V APK with Faster Performances and Bug Fixes

There are many advantages to owning an Android powered smartphone, but the biggest one is that people receive access to…

9 months ago

EaseUS Data Recovery Wizard for Mac Review

We all know that feeling when you can’t swallow and you start sweating uncontrollably because you’ve deleted important files by…

9 months ago

Top 5 MX Player Tricks You Never Knew

The most popular app for playing videos on smartphones or tablets is with no doubt MX Player. It comes with…

9 months ago