Adobe Flash Accounts for 8 of the Top 10 Vulnerabilities Used in Exploit Kits

[Karamjit]

Internet Explorer and Silverlight get the other 2 spots

Threat intelligence research company Recorded Future has put together a list of the most used vulnerabilities currently integrated in exploit kits (EK).

Their research covered the period from January 1, 2015, to September 30, 2015, and included data from the analysis of over 100 exploits kits currently used for various types of attack scenarios.

For the uninitiated, an exploit kit is a collection fo hacking tools that facilitate the infection of a user's computer with a particular piece of malware, specifically targeting known security vulnerabilities.

Some of today's most famous exploit kits include the Angler EK, the Fiesta EK, the Hanjuan EK, the Nuclear EK, and the Neutrino EK.

By looking at the type of security vulnerabilities exploit kits leverage to deliver their malicious payloads, the researchers from Recorded Future were able to create a top 10 of the most used security flaws.

Nobody was surprised to see Flash in the Top 10

As everyone expected, the top spot went to a Flash vulnerability, of which Adobe had plenty this year. In fact, Flash was so plagued by security issues that the first eight spots in the top 10 went to various security flaws discovered this year alone.

Coming in on number 9, we find an Internet Explorer bug, followed by another Microsoft product, the deprecated Silverlight platform.

All the top 10 vulnerabilities are issues discovered this year, showing that EK operators don't generally waste time when it comes to integrating the most recent security bugs into their code.

While many have mitigated for deprecating and giving up on Flash, including Facebook's CSO, the reality is that Flash Player still accounts for a huge market share.

What makes it even worse is another recent study carried out by Secunia (now part of Flexera Software) which points to the fact that 80% of all Flash users don't run the most recent version of Flash.

This means that despite Adobe's best efforts in keeping Flash Player bug-free, users still run outdated versions, even using versions marked as EOL (End-of-Life).

From

[oliverjia]

These people at Adobe Flash has no shame. They should've let go of everybody and give up Adobe Flash altogether. HTML5 FTW.

[OrioNeXus]

These people at Adobe Flash has no shame. They should've let go of everybody and give up Adobe Flash altogether. HTML5 FTW.

atleast someone could block flash using a adblock or flash disabling addon but html5 is the full integration of a webpage where a vulnerability/exploit if used you cant block html5 n the whole webpage :(

[banned]

I run Flash on Windows XP. What me worry? Nope. My browser is configured to prompt before executing plugins.

Windows XP is actually safer than Windows 8+ when it comes to Flash, since I don't have to wait a month for Microsoft to push Adobe's patch.