Security Warning: Adobe, Microsoft & the Software Patching Double Problem
Web browsers have security issues, so make sure you take all the safety precautions
As a provider of protection, our security company is not only supposed to protect systems from various threats, but also analyze existing security policies and decide the direction and effect they have for every user.
The last couple of days revealed a new zero-day software vulnerability in Adobe Flash Player that affected users’ worldwide, but mostly those using web browsers like Microsoft Internet Explorer and Mozilla Firefox.
The Adobe Flash Player vulnerability was noticed in drive-by downloads launched with an exploit kit called Angler, which targeted users by inserting malicious code in legitimate websites and online ads.
Software vulnerabilities in the online security landscape
This new security threat caused by software vulnerabilities confirmed our established perspective, where we tried to warn all those affected by these security exploits. For us, this new issue is nothing more than a confirmation of our past vision on the subject and proves a poor integration of browser plugins in the present web browsers technology.
And if we are at this point, we need to acknowledge the potential threat caused by the present software entanglement between different manufacturers, like Adobe, Microsoft, Mozilla and others.
The chain is only as strong as its weakest link!
This exploit for example, it targets 90% of computers worldwide, since Flash is installed on most systems. If we also consider that Firefox and Internet Explorer make around 32% of the browser usage base, this leads into thinking that up to 28% of Windows systems could have been affected by this latest security breach.
If you need more technical data on this latest Adobe Flash Player exploit, we recommend the following article.
Are there any good news?
Yes, the good news is that users of Google Chrome, who cover about 60% of the browser market, were not affected by this issue.
Ok, tell me the bad news!
The bad news is that solving these gaps in software vulnerabilities demands a larger security strategy and approach.
Since our security company provides a software that automatically patches the vulnerable applications, including Adobe Flash Player, we consider the Flash Player’s poor integration into web browsers creates a double problem, where patching times are relatively long.
For this reason, we – as a security company – DO NOT support cross integrating software policies.
What can you do to protect yourself ?
- First of all, make sure your 3rd party software is as up to date as possible, at all times. To make things easier, you can use a specialized software, like Heimdal Free, that automatically patches the vulnerable applications for you.
- Use a Traffic checking service, such as Heimdal Pro, because most web exploit attacks may come even from legitimate websites. Consider this as an extra layer of protection.
- Use a good anti-spyware solution to remove phishing or exploits focused on malicious emails. This way, you have 2 layers of protection against malicious URLs, which may be heading for your computer.
- A solution to control the Adobe Flash Player browser integration is to enable this “click-to-play” plug-in that lets you control the Flash Player content loading.
Car makers have long learned that the wheel, engine and fuel tank are separate components.
Since software is mechanics, just like anything else, we think this is a lesson worth learning for all software manufacturers.