A study released Monday shows that Adobe Systems' Flash plugin is favored by cybercriminals to sneak their malware onto computers. Cybersecurity intelligence firm Recorded Future analyzed over 100 exploit kits and known vulnerabilities and identified Adobe Flash Player as the most frequently exploited product. While the role of Adobe Flash vulnerabilities as a regular inroad for criminals and malware should come as no surprise to information security professionals, the scale is significant.
According to Web analysis from January 1, 2015 to September 30, 2015, Adobe Flash Player accounted for eight of the top 10 vulnerabilities leveraged by exploit kits. Other leveraged vulnerabilities affect Microsoft Internet Explorer versions 10 and 11 (CVE-2015-2419) and Microsoft products including Silverlight (CVE-2015-1671).
Exploit kits are frameworks planted in Web pages that automatically probe for software vulnerabilities when a user browses to a page. Those who develop exploit kits are often hired by others to help distribute specific kinds of malware.
Of the top 10 vulnerabilities found in the exploit kits, eight targeted Adobe's Flash plugin, which is used on millions of computers to play multimedia content, according to Recorded Future.
Recorded Future looked at software vulnerabilities known to be used in popular exploit kits such as Angler, Neutrino and Nuclear Pack as well as in cybercrime forums between January and September.
Adobe has been working for years to make Flash more secure through code reviews, but it has proven to be a mighty task for an application that's nearly two decades old. Adobe releases patches almost every month, and emergency patches come out for zero-day flaws that cybercriminals are actively using.