Farewell, Flash Player!
Thursday, January 14, 2021
On December 31, Adobe ended its support for Flash Player — the developer had warned about this back in 2017. The Flash Player download pages are now off Adobe's website, and beginning January 12, Adobe will block Flash content from running in Flash Player.
Google Chrome and Microsoft Edge no longer support Adobe Flash, and Mozilla Firefox 84 will be the last version to support it. In the most recent Mozilla Firefox versions, the Flash module is disabled by default, but it can be enabled manually on some websites. In October, Microsoft released the KB4577586 update, which removes Flash from PCs running user and server versions of Windows.
Adobe recommends that all users uninstall Flash Player before it stops supporting it — Windows and Mac users can find the removal instructions on the developer's website. If you haven't yet removed Flash Player from your PC (but should have) — now is the time to do it: no improvements for the plugin will be released, but vulnerabilities will still be detected.
If you don't know whether you need Flash Player, it makes sense to remove it now and find out by experience whether you need the plugin. Don't wait for New Year's Eve and then struggle to keep Flash Player working for the sake of some website as the clock strikes midnight. You should start using products that do not need Flash Player if you have not done so already (users have had several years to do this).
Flash technology is infamous for its numerous vulnerabilities, which cybercriminals have exploited for many years. Cybercriminals have also exploited the popularity of this technology and the habit users have of allowing the download of Flash Player when visiting different websites. Thus, widespread social-engineering techniques involve getting users to agree to update their Flash Player so that trojans can be downloaded with the update. BackDoor.Flashback, disguised as an Adobe Flash Player installer, is a typical example. When a user visits a site distributing malicious software, a Flash Player error message appears on the screen, and then the user is prompted to upgrade their Adobe Flash software.
But what should users do if, for various reasons, they need resources that incorporate Flash when no modern browser can display it? Use an old, vulnerable version of the browser? It can be assumed that attackers will take advantage of this opportunity to promote malware. Here is an example of a website from which users downloaded Android.BankBot.279.origin:
As you can see, the website resembles the real one closely enough that an ordinary user will not notice the difference. Only an anti-virus that has been installed on your PC will keep you from visiting such a site or downloading malware from it.
The Anti-virus Times recommends
Dr.Web Anti-virus effectively detects malware that cybercriminals distribute via formats that support Flash Player or are disguised as updates for it.
Companies and organisations can be advised to provide, if possible, separate computers (without Internet access if it is not required) on which their employees can work with Flash. At the same time, it is desirable to isolate these computers from the local network. They need to be scanned with an anti-virus because files will be transferred to them via removable media; Office Control restrictions should also be used.
And, of course, you should correctly build security policies to ensure users work with limited user permissions.