Asking the real questions here: is Adobe Flash Player Safe? I would wager to say “no”; there have been far too many malicious attacks using Adobe’s Shockwave Flash for deployment and dissemination of malware.
Regarded mostly as a vulnerability rather than a practical software development, Adobe announced in early July 2017 that it will discontinue support for Flash Player by the end of 2020.
Adobe® Flash® Player is a lightweight browser plug-in and rich Internet application runtime that delivers consistent and engaging user experiences, stunning audio/video playback, and exciting gameplay. Installed on more than 1.3 billion systems, Flash Player is. Adobe Flash will be going away soon, but for now, you can easily install and enable Adobe Flash Player on a Mac computer using a Safari browser. That's why it is strongly recommended to use HTML5 video (there full screen mode is no problem) instead of Flash whenever possible. Depending on the Flash video player and the Mac used, it can be difficult to switch back from full screen mode (best is to use the Esc key), so if you don't need full screen mode, don't enable it here. Flash Player may also try to install additional software, so be sure to deselect any offers like this before downloading. In the image below, we've deselected the McAfee Security Scan Plus option. Locate and double-click the installation file (it will usually be in your Downloads folder). USB Safeguard is a portable software that allows you to protect your private files with a password on your removable drive using the secure AES 256 bits key.
Yes, it’s indeed a red flag, but unfortunately, not the only one. Still planning on using Shockwave Player on your machine? You might change your mind after reading this article.
What is Adobe Flash Player?
Fascinating little gimmick this Flash Player is or rather was if we consider Adobe’s decision. And quite old: the very first version of Adobe’s Flash Player came out in January 1993, but only shifted into full swing around 2013. At that time, it was estimated that 400 million out of 1 billion desktop computers were using Flash Player.
Still, what the H-E-Double-Toothpick is this Shockwave Player? Well, to make a long story short, Flash Player is computer software used to run any type of content developed on the Flash Platform. This includes audio, video, vector graphics, 3D graphics, raster graphics, and various types of scripts.
Although loathed by most of the community for its lackadaisical security, Flash Player was once very popular. Long before HTLM5 was implemented, virtually every website was using Flash Player for videos and animations. Yes, that includes YouTube.
Over the years, things have changed. Flash Player is no longer considered an industry-standard since it can’t handle complex videos and animations. On top of everything, it’s regarded as a security liability. As a result, major browsers have begun sandboxing Adobe Flash Player; as sensible first step towards purging it all together.
Is Adobe Flash Player Safe?
I was never for blackballing software, regardless it’s legacy, useless, or really old. However, in Adobe Flash Player’s case, I’m going to make an exception. So, apart from the fact that it’s no longer able to keep up the pace, it has proven to be a major vulnerability.
XMRig Crypto Mining
The latest attack steak reiterates the need for a more secure web-based software development environment. According to a Palo Alto Networks security update, a next-gen malware masquerading as an Adobe push update would install XMRig crypto mining code on the victim’s PC.
Of course, like in many other cases, the infiltration could have been prevented if the user would pay more attention to the signs. As Palo Alto noted, the bogus update was not digitally-signed, which triggered a Windows UAC response since the publisher could not be verified.
And because no one ever bothers to check these things out, the user would have had dismissed the notification by continuing with the installation (bad move!). Cryptominers aren’t that bad – sure, they slow down your machine to the point where you’ll have trouble running a YT video, but that’s about the damage they can do.
Turla Spear-phishing
Still, there are instances when Flash Player went full dark side. In early January 2018, it was discovered that Adobe Flash Player was the perfect gateway for the dreadful Turla, an APT group suspected of numerous online illicit operations, from spear-phishing diplomatic bodies to dropping backdoor malware.
The method of execution was, more or less, the same – pushing a spiked Adobe Flash Player updating package, the group was able to gain instant access to the infected machine.
The CrescentCore Affair
Another instance when Adobe Flash Player proved to be an efficient attack vector was during the CrescentCore crisis of July which mostly affected Mac users. Cybersecurity researchers figured that the malicious payloads were delivered via a compromised Adobe Flash Player update, which was actually a DMG package.
Since it was virtually impossible to tell them apart, some researcher argued that it’s best to avoid installing Flash Player updates altogether, including those which are available for download on Adobe’s official website.
Brav0 #15982 Gone Rogue
Last, but not least, there’s the zero-day vulnerability discovered by Gigamon ATR in late December 2018. Codenamed CVE-2018-15982, this vulnerability was exploited in the wild through a breach in Adobe Flash Player’s base code. As for the payload, it was delivered via an infected Microsoft Office document.
Some Thoughts on Adobe Flash Player![]()
Still planning on using Adobe Flash Player? Think of it this way: at this very moment, Adobe Flash Player has more in common with the human appendix then it does with functional online software development environments.
More specifically, although the appendix used to serve a purpose a very long time ago, now it’s more or less useless (maybe it reasserts itself for a brief period, after which it’s surgery time).
That’s what Adobe Flash Player is – a time-bomb that could go out any second and a tool that has long ago fulfilled its role. Ironic, come to think of it since Shockwave is considered HTML5’s father.
Puzzling enough, despite Shockwave’s vulnerabilities, some websites continue to rely on it; and I’m not talking small fish here. Just the name a few, we have Crunchyroll, Vimeo, Huffington Post, CNN, Fox News, Funimation, and ever our dearly-beloved Hulu.
As it happens, Adobe Flash Player seems to have found a forever home in the online gaming industry. Yes, a great deal of those websites are powered by Adobe’s Flash Player and there’s not one thing someone can do about it!
So, what’s there to be done about Adobe Flash Player? Disable it, altogether, of course. If it’s only temporary or permanent, it’s entirely up to you. I usually like to keep under ask-type permission (a prompt will appear on the screen each time a website requests access to Flash Player).
Your parents and friends will click any suspicious link, so make sure they're protected.
Thor Foresight provides: Automatic and silent software updatesSmart protection against malwareCompatibility with any traditional antivirus.
How to deactivate/disable Shockwave Flash in your browser
Probably the easiest (and most comfortable) method of ensuring that your devices protected against Shockwave-spread malware is to deactivate or disable this module in your browser. Here’s how to do it.
For Chrome
For Firefox
For Edge
For Brave
Additional Cybersecurity Tips
Disabling Adobe Flash Player should be enough ward off anything nasty, but you can always do better. Here are a couple of cybersecurity tips that will keep you safe while using Adobe Flash Player.
Always download updates from Adobe OfficialDownload Flash Player For Mac
As most of the malware’s spread through bogus updates, it would be for the best to go directly to Adobe’s website and get them from there. You might want to check every week or so and download the latest version.
Install Flash Player directly from Adobe
A variation on the same them – go to Adobe Central to get your Flash Player. It’s like cutting the proverbial middle-man in half and going straight to the big man himself. You should also try to stay as far as possible from third-party software that offers free Flash update or the player itself.
Update the player to the latest version
Did you know that up to 80% of successful malware attacks are attributed to unpatched software? The best way to avoid this would be to keep your Adobe Flash Player up-to-date. Set a reminder to look for updates at least once per week.
Let your browser handle your Flash updates (or not)
Bear in mind that some browsers, such as Chrome, automatically install Flash updates whenever they are made available. If your browser supports this feature, then all Flash update prompts should be treated with the utmost suspicion.
Install an antimalware solution
Your antimalware/antivirus software is your last line of defense. Make sure it’s a good one. If you’re having trouble picking one out, I would dare to suggest Heimdal Security’s Thor Foresight Home. The DarklayerGuard can block just any kind of suspicious online activity, which also includes malicious Adobe push updates.
Here's 1 month of Thor Foresight Home, on the house!
Use it to: Block malicious websites and servers from infecting your PCAuto-update your software and close security gapsKeep your financial and other confidential details safe
EASY AND RELIABLE. WORKS WITH ANY ANTIVIRUS.
Try Thor Foresight
Ad-blockers may sometimes be ineffective
Here’s one for you: why did the pop-up cross the screen? To get blocked on the other side. Well, that’s what an ad-blocker’s supposed to do, by design: block PUPs and other nasties. As it happens, in some instances, especially whenever APTs are involved, the ad-blocker is no longer able to filter out the notification. You know the drill: disable, scan, and report.
Wrap-upFree Flash Mac
Is Adobe Play safe? Definitely not; apart from the fact that it’s obsolete, it’s also prone to all kinds of malicious attacks. Remember my advice: deactivate and stay safe. As always, for comments, rants, and donations of any kind, shoot me a comment.
Safe Download Of Flash For A Mac Download
If you liked this post, you will enjoy our newsletter.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2020
Categories |