This is a “Best of” podcast. After it was put Well, Adobe System’s Flash Player has been smacked yet again by something called a drive-by download attack. First, what the heck is a drive-by download attack? Well, according to Whatis.com:
A drive-by download is a program that is automatically downloaded to your computer without your consent or even your knowledge. A drive-by download can be initiated by simply visiting a Web site or viewing an HTML e-mail message. If your computer’s security settings are lax, it may be possible for drive-by downloads to occur without any further action on your part.
So, this is not like a pop-up download, which would ask for permission but in a way that would seem to give you an easy alternative…and that alternative would be to give it the permission that it seeks.
I don’t know, Flash is a very old technology. How long before HTML-5 is a universally accepted protocol? This vulnerability was found in IE and Firefox on Windows 8.1 and below. I guess that’s all of them, eh?
A researchers from Trend Micro and Microsoft found these Malvertising attacks. They are loaded onto your computer from malicious advertising. I guess they were found on the video file sharing website Dailymotion. These exploits were within the advertising there…not the website content itself.
Adobe has released updates to combat these exploits. Apparently these are launched from legit advert networks and are very hard to spot and identify. So what do you do? Users should enable the click-to-play feature in browsers to prevent content such as Flash from running automatically…not requiring your consent. Also security experts suggest you keep your antivirus up to date because Adobe regularly shares information on these exploits.