Flash Player is the most unsecure software, taking up every position of the Top 10 Security Exploits, according to NTT Group, the big Japanese telecom provider. Two years ago, the Top 10 of most attacked vulnerabilities through exploit kits was dominated by Java leaks, but in the meantime, the Flash Player has become more insecure, the new favorite attack vector of cybercriminals, while for Internet Explorer, things haven’t changed much.
Lately, the number of attacks on Flash Player has exploded because of the large number of vulnerabilities that Adobe hasn’t managed to patch, no matter how many updates it released with fixes for many of them. In 2015, the number of discovered security leaks in Adobe’s Flash Player has increased with 312 percent compared to the previous year, while Java didn’t have any new exploits used by exploit kits. However, NTT warned that there are many unpatched Java systems and companies should protect devices better.
Cybercriminals take advantage of unpatched software and their exploit kits are automatically installing malware on vulnerable computers. For example, there are many websites they hack and when users visit them, they let viruses get inside their computers, without their knowledge. Another way to distribute exploit kits to users is through malicious advertisements. NTT suggests users to install an adblocker that protects browsers more efficiently.
Two weeks ago, Adobe had to release a new security update that addressed many “critical vulnerabilities” in Flash Player, which affected the version of this software running on Windows, Mac, Linux and Chrome OS. Trend Micro has discovered a vulnerability that could allow hackers to infect devices with “Locky ransomware”, a type of malware that “holds a person’s computer hostage” and the only way to get it back is by paying a sum of money demanded by the hacker. Otherwise, the user can say good by to his important files saved on the computer.