The Adobe Flash Player has become the primary target for phishing and Trojan attacks, which is why web browsers are breaking away from it, including Google Chrome and Mozilla Firefox. But one brave soul remains on its side. Microsoft browsers will continue to use and support Adobe Flash Player according to the company’s Security Staff.
Before Adobe Flash Player, Java applets were the primary target for malicious attacks, with their vulnerabilities exploited until changes were made with Java and Internet Explorer. When most browsers took the initiative to abandon Java, threat actors turned their sights on Adobe Flash Player. These days, the player is going through a vicious cycle of rolling out updates to counter exploit kits released just days after the previous update. A few months ago, Adobe Flash Player released an update to fix 50 critical vulnerabilities. Recently, they released an update to fix 30 critical vulnerabilities. So it is understandable why browsers are also abandoning Flash Player.
But despite the risks that come with using Adobe Flash Player, it will remain as a default in both the Internet Explorer 11 and Microsoft Edge browsers. Is it a case of Microsoft being confident of the security system of its browsers, or a case of misplaced loyalty?
According to Microsoft, “Real-time security software can implement IExtension Validation to block ActiveX controls from loading malicious pages. When Internet Explorer loads a webpage that includes ActiveX controls, the browser calls the security software to scan the HTML and script content on the page before loading the controls themselves”.
It seems they do have security measures in place. Microsoft Edge does not support Java or ActiveX controls either, which limits the risks to some extent.
This definitely spells good news for website owners who rely on the Flash player to deliver online content, and marketers who have invested heavily on Flash-based ads. With this initiative, you may not have to abandon Adobe Flash Player anytime soon?