With more zero-day exploits for Flash being released – including notable recent revelations that arose from the Hacker Group hack – security experts everywhere are mulling the benefits and risks of enabling Flash.
Do you use Flash? Many people don’t. YouTube adopted the HTML5 standard for video earlier this year and other sites have followed suit. Netflix previously used Silverlight and is moving to HTML5 rapidly across platforms. While a few sites might still require Flash to access a piece of embedded content, most no longer do. Many ads, however, still use Flash, which can create a vector for malvertising to infiltrate your system with a drive-by or targeted attack.
Take the test. Not sure how often you use Flash? You don’t have to completely uninstall or disable Flash to improve your security. Consider enabling ‘click to play’ for Flash content in your browser. By default, Flash content will appear as a greyed-out box with a prompt to click to enable the content. You can then decide on a case-by-case basis if the content is worthy of loading, while blocking all the suspicious and unnecessary Flash content.
What do you think? Is there a good reason to leave Flash enabled?
Tags: InfoSec, Malware, Endpoint Security