Why Is Adobe Flash Such A Gateway For So Many Exploits?

We use so many technologies on the web every day that it is hard to keep all of them up to date. Every day, one of them gets a security update that we must find out about and take care of. Sometimes the Windows operating system will automatically patch the security hole, or the software itself has functionality that will automatically update the program. No matter what, we must make sure that the software gets fixed so that we are not sitting ducks when we go to a web site on the internet. A hole in any of the software that we use can cause our computers serious problems later on if we visit the wrong site. One piece of software that has been a trouble spot for security on our computers for a long time is Flash. It has been around for a long time and it is on almost everyone's computer. That is what makes it such a big target for black hat hackers.


What is Flash and what does it do for our computer?

You might be asking yourself, why is this software installed on so many people's computers if it is so dangerous? Why even take the risk? The reason companies pre-install the software on so many computers is that a lot of web sites use Flash content as part of their presentation. If you go to a web site that runs Flash and you are not able to see it, you will blame the operating system or the people who sold you the computer. To make sure that situation does not happen, they pre-install Flash on everyone's computer.

Now that you know why Flash is on all of these computers, we should explain what Flash is. Flash is a technology that takes vector images and animates them. You are able to create a cartoon-like experience with the technology. In the last several years, you have also been able to build applications with Flash. These applications are colorful and interactive in a way that normal applications are not. So, to keep people's attention, a lot of web sites use Flash as part of their content.

So why is the Flash technology so full of security holes?

Any technology with a large code base is going to have security holes in it. Flash is built on a large body of source code, and when you are dealing with millions of lines of code like that, you will find mistakes in it. The people who make the program are only human, and no one is able to deal with something so large without making any mistakes. Add to this large code base the fact that the technology is on so many computers and you have a tempting target for black hat hackers. Hackers need targets with a large number of users for their exploits to be successful. Installed on over 90% of the computers on the market, Flash fits this profile perfectly. You see the same effect with the Windows operating system as well. It is on so many people's computers that hackers know that they have a large target to work against.

Add to the facts in the previous paragraph the point that Flash also has a scripting language embedded inside of it and you run into even more trouble. Flash is not only a platform for creating animation, it is also a runtime sitting in your browser that is able to run programs on its own. This means that it is possible to write an exploit in the language embedded in Flash, which is known as ActionScript. ActionScript is a JavaScript-like language which earlier in its life span was considered a toy language. Now it is a pretty powerful language in its own right. It can perform input and output operations that access both the network and the disk on your computer. This is enough to cause you a serious problem in the wrong hands. There are some safeguards built into the runtime that are supposed to stop malicious behavior, but they are not 100% secure.

Flash is a technology that is secure but not 100%. There are holes in it, and when you are asked by the operating system to upgrade the software, you should really follow through with the request. Also be careful about fake Flash sites that ask you to upgrade. If you need to upgrade the software, make sure that you are on the adobe.com web site.
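The "make sure that you are on the adobe.com web site" check can be written out precisely. The following is an added example, not part of the original article; the function name `is_adobe_url`, the HTTPS requirement and the sample URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "adobe.com"  # the only update source the article recommends


def is_adobe_url(url: str) -> bool:
    """Return True only for an HTTPS URL whose host is adobe.com or a subdomain of it."""
    # Backslashes are parsed differently by browsers and by urllib, so refuse them.
    if "\\" in url:
        return False
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # lowercased; user-info ("user@") and port removed
    except ValueError:
        return False
    if parts.scheme != "https" or not host:
        return False
    host = host.rstrip(".")  # "adobe.com." is the same name as "adobe.com"
    # Compare whole DNS labels: "adobe.com" appearing somewhere in the string is
    # not enough. Exact matching also rejects look-alike spellings.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


# Constructed sample links of the kind an "update Flash now" prompt might show.
SAMPLES = [
    "https://www.adobe.com/",                            # genuine
    "https://downloads.adobe.com/player/",               # constructed subdomain
    "https://adobe.com.update-flash.example/setup.exe",  # adobe.com is only a prefix
    "https://adobe.com@update-flash.example/",           # adobe.com is only user-info
    "https://notadobe.com/flash",                        # different registered name
    "http://www.adobe.com/",                             # not HTTPS
]

if __name__ == "__main__":
    for link in SAMPLES:
        print("trusted" if is_adobe_url(link) else "REJECT ", link)
```
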

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

