By Anthony Settipani
If you’re at all familiar with Adobe Flash, you probably know that it’s one of the biggest gateways used by hackers and cybercriminals to take over computers and steal people’s information. If you’re not, you may be surprised to find out that the cute little program behind Youtube, Club Penguin and so much else you love may actually be plotting to kill you–er, or at least to steal your passwords.
For years, Adobe’s Flash Player has been ridiculed as one of the least secure applications on the Internet, with everyone from Steve Jobs to major security company Symantec pointing out its flaws by the megabyte. It’s had IT professionals wringing their hands for years, security analysts pointing out major vulnerabilities and Adobe itself racing to patch them before the damage becomes too severe.
The most recent episode began somewhat ironically earlier this week when Hacking Team, an organization that develops high-end surveillance software for the United States government, was itself targeted by cybercriminals. That’s right, the people who make the tools for the government to spy on people were in fact hacked themselves. When this happened, the attackers released an estimated 400 gigabytes of sensitive information into the cyber-underworld, among which was the key to a new exploit–or weakness–for Adobe Flash.
What all this means for you is that your computer is at risk. Yes, yours, and it’s from the same people who just broke into a freaking governmental spymaster database. The way this happened is that as soon as the data went live on the web, hacker groups used it to design what are called “exploit kits,” little pieces of code that lurk inconspicuously on ordinary websites, then download themselves to your machine as soon as you visit. It doesn’t even need you to let it in through some kind of torrenting site or illegal download–Flash Player does all of that for you.
So what do you do to start protecting your computer and gain back the peace of mind you (hopefully) just lost? The first and most important thing to do is update Adobe Flash.
As soon as Adobe discovers these vulnerabilities, it begins work on fixing them. Usually, a patch emerges within a few days, and in this particular case, any version later than 18.104.22.168 is the one you want to get. Updates are available for all three major operating systems–Windows, Mac and Linux–which means that all three operating systems are vulnerable and ought to be patched.
After you’ve updated, you’ll be about as safe as you can be until the next exploit comes through the door. If you’re looking for even more security, you can start looking at ways to keep Flash from interacting with the websites you visit.
The important thing to remember is that with these exploit kits, you really only get into trouble when their code can talk to the Adobe plugin in your browser. If you block that, the kit becomes somewhat akin to an oncoming truck–dangerous, but not if you’re standing on the sidewalk. So there are a number of ways you can do this, from installing a Flash-blocking plugin all the way to disabling the program completely on your computer. If you’re interested in any of these additional measures, Eric Limer over at Gizmodo has a good range of options to get you started. And if you do in fact suspect that your computer might have been hacked, head over to Laptop ER or the Norris Tech Center, and see if you can get it sorted out.