If you were to go through news regarding Adobe Flash, chances are high that it will be regarding vulnerabilities in the software. In 2010, Steve Jobs publicly wrote about why Flash would not be supported on Apple’s iOS platform, and since then, other mobile operating systems dropped support for Flash as well. It’s 2017, and as you might have guessed by the tone, this news article too talks about new vulnerabilities in Adobe’s ageing and now repeat-offender multimedia software platform.
ZDNet reports of multiple code-execution vulnerabilities within Flash that will affect all major computing platforms - Windows, macOS, Linux, and Chrome OS. Adobe has fixed tens of issues and is urging users to update to a version higher than 220.127.116.11.
Google’s Project Zero, a team of security experts entrusted with the task of finding day-zero vulnerabilities within Google’s own software as well as software used by others, pointed out five of these issues. Two issues were reported by Microsoft Vulnerability Research program, three by the Chromium Vulnerability Rewards Program and one by China-based Tencent, one of the largest Internet companies in the world.
Adobe has stated that it had not noticed any of the above-mentioned vulnerabilities being exploited by hackers, unlike the past. Most Web browsers today prevent Flash components on websites from automatically executing, rather hiding them behind a click to execute manually, if the user wants to. Microsoft Edge browser announced deploying this technique in December 2016. Google Chrome is said to have adopted it in September and Mozilla Firefox was said to do the same by August of last year.