Adobe has issued emergency patches to fix a major security hole in its Flash player, which is already being exploited in the wild.
The security updates for Adobe Flash Player for Windows, Macintosh and Linux address a critical vulnerability (CVE-2015-3113) that could allow an attacker to take control of the affected system.
Adobe warned that systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets.
The company recommended users update their product installations to the latest versions.
At the same time, Google Chrome will no longer support Java, older versions of Flash or Silverlight that use the NPAPI plug-in interface.
With many businesses still using Flash and Java internally on their intranets, enterprises are at risk from web-based exploit kits such as Angler.
Craig Young, security researcher at Tripwire, said: "Flash, along with ActiveX and Java, are remnants of the 1990s 'Web 2.0' technology boom. The nature of these technologies allowed attackers to run code directly on remote computers and revolutionised the attack surface of the internet.
"There has been a constant barrage of vulnerabilities in all Web 2.0 technology, as well as a constant stream of ‘update’ messages to users. This has given way to a newer and very successful form of attack wherein the attacker spoofs an update message, tricking users into downloading malware.
"These tricks can be particularly effective, as illustrated by the 2012 Flashback malware which exploited Java on roughly 600,000 Apple computers in the 6 weeks it took for Apple to respond with patches."
Since Java 8 was released in March 2014, it has been updated more than seven times. In a locked-down enterprise IT environment, where users do not have admin rights, IT needs to roll out every patch that Adobe or Oracle releases. Often the patch will need testing first, since it could break the very applications that require the Java or Flash plug-in.