It’s no wonder that people are calling for it to be killed off.
Flash’s funeral might still be some way off, but there are plenty of computer users who are choosing to control its functionality through Click-to-Play or removing it from their browser entirely.
But, as security firm Fortinet explains, even if you turn off Flash support from your browser that doesn’t mean your computer can’t be hit by a Flash attack:
“Flash files can not only be embedded in a web page but also in various document formats such as Microsoft Office documents and PDF files. Even if you have disabled Flash in your browsers, Flash exploits can still leverage Flash player vulnerabilities through software like Microsoft Office and Adobe Reader.”
They’re quite correct.
A Flash vulnerability doesn’t have to be exploited through poisoned webpages (although this is a common vector for infection). Attacks can also be launched against targeted computers by tricking computer users into opening a file which has Flash content embedded inside it – such as a Word document, a PowerPoint presentation or Adobe PDF file.
System administrators responsible for securing their company’s computers would do well to remember this. To best secure your systems, adopt an approach of layered protection, reducing the chances of successful exploitation and ensuring that Adobe Flash is always running the latest security updates.
Alternatively, if you don’t think you can manage that, consider banishing Flash entirely from ever getting anywhere near your computers.
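As one layer of that protection, a mail or file gateway can triage Office and PDF documents for signs of embedded Flash before anyone opens them. The Python script below is an added example, not code from this article or from Fortinet; the Flash ActiveX CLSID, SWF signatures and PDF names are well-known values that do not appear in the article, and the sample document is constructed.

```python
import io
import re
import uuid
import zipfile

# Well-known CLSID of the Shockwave Flash ActiveX control (not quoted in the article).
FLASH_CLSID = uuid.UUID("D27CDB6E-AE6D-11CF-96B8-444553540000")
# SWF signatures (uncompressed, zlib, LZMA) followed by a plausible version byte.
SWF_HEADER = re.compile(rb"(?:FWS|CWS|ZWS)[\x01-\x40]")
# PDF names used by rich-media annotations that can carry Flash content.
PDF_MARKERS = (b"/RichMedia", b"/Flash")

def scan_blob(data: bytes) -> set:
    """Return indicator labels found in one raw byte blob."""
    hits = set()
    if FLASH_CLSID.bytes_le in data:               # CLSID as stored in OLE binaries
        hits.add("flash-clsid-binary")
    if str(FLASH_CLSID).encode() in data.lower():  # CLSID as text, e.g. activeX XML
        hits.add("flash-clsid-text")
    if SWF_HEADER.search(data):
        hits.add("swf-header")
    if data.lstrip().startswith(b"%PDF"):
        hits.update("pdf" + m.decode() for m in PDF_MARKERS if m in data)
    return hits

def find_flash_indicators(data: bytes) -> list:
    """Triage a document: ZIP (OOXML) parts are scanned one by one, other files whole."""
    if data.startswith(b"PK\x03\x04"):  # .docx/.pptx/.xlsx; a corrupt ZIP raises BadZipFile
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return sorted(f"{n}: {h}" for n in z.namelist() for h in scan_blob(z.read(n)))
    return sorted(scan_blob(data))

def constructed_docx(parts: dict) -> bytes:
    """Build a tiny in-memory OOXML-like ZIP (constructed sample, not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    ocx = '<ax:ocx ax:classid="{D27CDB6E-AE6D-11CF-96B8-444553540000}"/>'
    print(find_flash_indicators(constructed_docx({"word/activeX/activeX1.xml": ocx})))
```

Compressed PDF streams and obfuscated names hide these markers, so an empty result only means nothing was visible to this check.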