It should be common knowledge by now that Adobe Flash Player should never be left without an update for too long, as the platform is not only constantly found to be vulnerable in different ways, it’s also a popular target for attackers due to its wide market reach. And indeed, despite the fact that most browser developers are moving away from Flash and similar platforms lately, in favor of a more unified approach, millions of users continue to run Flash and disregard its update notifications, which can have dire results later on.
The most recent updates for Flash actually addressed some very serious issues – according to the patch notes, there were several remote code execution vulnerabilities, as well as an exploit that could leak personal information including keystrokes. For the less tech-savvy users, the remote code execution problems are actually very serious issues, as they could allow hackers to run arbitrarily crafted code on victims’ computers, which could potentially lead to the installation of viruses and similar pieces of unwanted software, not to mention compromising sensitive used information that could be inaccessible through other security holes.
Adobe have also pushed out an update to AIR, their other platform for developing web applications with rich content. It’s not known if AIR itself also contained any vulnerabilities that Adobe were patching, or if the update was a necessity after pushing out the patch for Flash, but users are advised to download the latest patch and bring up their AIR version to 220.127.116.112. The Android version of AIR has been updated as well, although considering that it’s on a different release line than the Windows one, it’s not known if that update was related to the recently discovered security vulnerabilities, or if it was meant to address something else.
This should be treated seriously by everyone, as Flash is becoming less and less secure as more and more hackers are trying to find holes in it – and succeeding on a nearly daily basis, as the frequent stream of critical updates shows. Many users seem to be of the opinion that these problems could never happen to them, and that their own computers could be of no serious interest to a hacker, but the truth is very different.
A hacker can definitely benefit from having access to any random computer, as even if they don’t find any useful information on the computer itself, they can still add it to a “botnet”, a network of infected computers that are then controlled by the hacker for malicious purposes. This is a commonly used way for hackers to perform their activities through a “proxy” of unknowing victims, who might not even be aware that something is wrong with their computers.