Adobe Flash turns out to be a real headache for system admins everywhere

July 21, 2015

Fortinet security researcher Bing Lui has warned users that Adobe Flash is unsafe anywhere and that they can still be p0wned even if they disable Adobe Flash in their web browsers.

The software continues to be a real source of irritation to thousands of system admins everywhere and doesn't seem to get any better moving forward.

Lui's warning underscores similar advice offered last week, when he strongly advised users to dump Flash to bolster security in the wake of the public disclosure of three zero-day security vulnerabilities (CVE-2015-5122, CVE-2015-5123 and CVE-2015-5119) as part of the Hacking Team cyber filing.

Lui successfully built an exploit against the first vulnerability to demonstrate how the likely common mistake of uninstalling Flash only from browsers can still leave users wide open to phishing attacks.

"Unfortunately, what all this means is that just disabling the Flash plug-in in your web browsers isn't a solution at all," Lui warned.

"Flash files can not only be embedded in a web page but also in various document formats such as Microsoft Office documents and PDF files," he added.

"Even if you have disabled Flash in your browsers, several security exploits can still leverage Flash Player vulnerabilities through software like Microsoft Office and Adobe Reader."

Lui then demonstrated how exploiting Hacking Team's CVE-2015-5122 proof of concept could pop up the calculator program from within PowerPoint or Reader files.

"There is no need to modify the Flash exploit at all. It works well inside a PPT and PDF document until I uninstall the Flash Player on my computer," he said.

Similar attacks are already underway with a hacking campaign spotted targeting U.S. Government agencies. Those entities could be compromised if a targeted staffer had not completely removed Flash.

Of course, users could alternatively run Microsoft's Enhanced Mitigation Experience Toolkit (EMET), which is reported to block the Flash exploits.
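Because the delivery path described above is a document rather than a web page, a defender can triage mail attachments and file shares for embedded Flash content. The following Python sketch is an added example, not code from Fortinet or the original article; the function names, size limit and plausibility bounds are assumptions. It does not inflate compressed PDF streams, so an empty result does not prove a PDF is clean.

```python
import io
import re
import struct
import uuid
import zipfile

# ShockwaveFlash ActiveX control class ID: text form and OLE/COM binary form.
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000")
CLSID_TEXT = str(FLASH_CLSID).encode()  # lowercase, hyphenated
CLSID_BIN = FLASH_CLSID.bytes_le        # mixed-endian layout used inside OLE data
# SWF header: FWS (raw), CWS (zlib) or ZWS (LZMA), version byte, 32-bit length.
SWF_HEADER = re.compile(rb"[FCZ]WS(.)(.{4})", re.DOTALL)
MAX_MEMBER = 64 * 1024 * 1024  # skip oversized ZIP members (assumed limit)


def scan_blob(name, data):
    """Return Flash indicators found in one byte blob."""
    hits = []
    if CLSID_TEXT in data.lower() or CLSID_BIN in data:
        hits.append(f"{name}: ShockwaveFlash ActiveX CLSID")
    for m in SWF_HEADER.finditer(data):
        version = m.group(1)[0]
        (length,) = struct.unpack("<I", m.group(2))
        # Heuristic bounds to cut false positives on the 3-byte magic.
        if 1 <= version <= 50 and 21 <= length < 1 << 28:
            hits.append(f"{name}: SWF header at offset {m.start()}")
            break
    if data.startswith(b"%PDF") and b"/RichMedia" in data:
        hits.append(f"{name}: PDF RichMedia annotation")
    return hits


def find_flash_indicators(data, name="file"):
    """Scan a document; OOXML (ZIP) containers are scanned member by member."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return scan_blob(name, data)
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.file_size <= MAX_MEMBER:
                hits += scan_blob(f"{name}!{info.filename}", zf.read(info))
    return hits
```

Any hit is a reason to quarantine the file or open it only on a host where Flash Player has been fully uninstalled.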

The call to dump the often ruptured runtime gained renewed momentum after Facebook security head Alex Stamos took to Twitter calling for the platform to be given a definite end-of-life treatment.

That suggestion was soon followed by the Mozilla Foundation, which formally announced that it was dumping the platform in its Firefox browser.

Source: Fortinet Security.

Copyright © Internet Security.ca