Adobe Flash Player - at risk?

Adobe Flash Player is an application that is used around the world on all sorts of operating systems, including Windows, Mac OS X, Linux and Chrome OS(1). A recent vulnerability in the application itself has meant users could be at risk(1), according to Symantec Security Response, and the damage that could be done to a user's identity is potentially serious.

Adobe Flash Player runs on websites such as Facebook, YouTube and many video streaming hosts - is there a possibility that your system has been attacked?

What can the vulnerability allow?

A media release from Adobe Security Advisory states that there is a serious flaw in the application, namely CVE-2016-1019, and this allows an attacker to access a system, crash it and then take control of the entire device(2), be that a computer, tablet or phone.

Symantec finds that the vulnerability can be exploited for people running Windows XP that have Flash Player Version 20.0.0.306 or earlier installed(1), while other systems will be at risk in the coming weeks if they are not updated with the patch that Adobe has released(1).

The ability of hackers to access Adobe's platform came from a recent update that allowed mitigation of the application(2), although after finding this to be an issue, the patch has amended the problem(1). It should be of the utmost importance for users to update their version of Adobe Flash Player on every browser installed on their systems to avoid being targeted.

What can the hacker do?

Once the vulnerability has been exploited, the cyberattack is underway and the hacker behind it will have access to your entire device. Once it is crashed, they will be able to control it(1), including accessing documents and other sensitive information, which can put a user's identity severely at risk.

Once they have this data, it can be sold and traded however they want on internet forums around the world. Personal information goes a long way online, and even the data of children can be lucrative. Passports, credit card information, dates of birth and addresses can all be used to convince someone else of an identity, and how many of these documents are on your devices?

Veda's Cybercrime and Fraud Report states that 32 per cent of Australians publish their full birthdays online(3), and this is one of the easiest ways for a cybercriminal to steal an identity.

Do you suspect you might have been a victim of this latest Adobe Flash Player vulnerability? Contact Identity Watch today to see what the team can do for you.

1. Symantec Security Response. New Flash zero-day exploited by attackers in the wild. Accessed May 2016.

2. Adobe Security Advisory. Security Advisory for Adobe Flash Player. Accessed May 2016.

3. Veda. Cybercrime and Fraud Report. Accessed May 2016.