In an effort to bring some standardization to vulnerability assessment, the Common Vulnerability Scoring System (CVSS) version 3 was created. Another example is that an exploit which requires an attacker to be physically present in front of the computer is less critical than an exploit which can be used remotely over the internet. For example, an exploit that requires a large number of antecedent events to fall into place before it can be perpetrated is less critical than an exploit that can be used in a wider variety of situations.
There are many vulnerabilities reported against products that are not a high priority to fix. By 2014 there were 76, and an astounding 595 vulnerabilities have been reported in the last two years alone. In 2005, there was a single vulnerability reported. While that may seem like a long time, the problem is getting exponentially worse. In a review of the vulnerabilities reported against Flash in the past 12 years, the site CVE Details reveals a whopping 1020 vulnerabilities were discovered since December 2005. Thankfully, HTML has become more capable in the past few years and the need for Flash is dropping off, which makes the internet a safer place. The vulnerabilities come too fast for Adobe to keep up, which means it is almost certain that there are zero day (unknown) vulnerabilities in the plugin at any given time. Security and privacy advocates world-wide recommend disabling or uninstalling Flash as a standard step in securing a computer. Flash has been targeted by malware authors for years culminating with hundreds of vulnerabilities in the last two years alone.
That massive deployment caught the attention of hackers who liked the idea of being able to infect so many systems with one piece of malware. By the mid-2000’s Flash was installed on millions of desktop computers world-wide. Flash was used to play movies, create online video games, and display annoying advertisements. Adobe developed Shockwave Flash, which became simply Flash later in life, and that gave developers a way to bring rich content to the static web. The first version of the world wide web was built on a very unimpressive version of the Hyper Text Markup Language (HTML) which was not able to do anything in the way of animation or scripting. Adobe Flash has been around since the dawn of the commercial internet.
0 kommentar(er)
