A Journey Into Adobe Flash’s Vulnerabilities and How Users Can Upgrade

Posted on January 16th, 2014 by Andreas Baumhof


This blog post will be updated continuously as we track how seriously “normal” end users take security advisories.

Adobe recently released a security bulletin (January 14, 2014) advising all users to URGENTLY update their Adobe Flash players because “These updates address critical vulnerabilities in the software.”

CVE-2014-0491 and CVE-2014-0492 both concern remote code execution vulnerabilities, which means that any website you visit can silently install malware on your computer. Ever wonder how malware is installed? This is exactly how it is done.

Just to repeat this: every single computer that has an Adobe Flash version < 12 installed is vulnerable to having malware installed on it.

So let’s look into the ThreatMetrix™ Global Trust Intelligence Network (The Network) for some statistics. (The Network is powered by more than 1,900 customers protecting over 9,000 websites worldwide.)

First of all, Adobe Flash is installed on over 64% of the devices that interact with ThreatMetrix customers.



The Adobe Flash Player versions in use are:



The important number is how many users have already upgraded to Adobe Flash version 12 or higher: 1.72%.

Not surprisingly, most people upgraded last week, although “most people” is still an understatement.


We will track these numbers for you continuously and update this blog, as it will be very interesting to see how end users update their software.

Congratulations to a user in the United Kingdom for being the first one within The Network to make a transaction, on November 14, 2013, with a Flash version that was the first beta of v12, on the day it came out. You made my day.

Oh, and if you haven’t done so, please upgrade your Adobe Flash player here: http://get.adobe.com/flashplayer

ThreatMetrix secures Web transactions against account takeover, payment fraud, identity spoofing, malware, and data breaches. The ThreatMetrix Global Trust Intelligence Network, which analyzes 500 million monthly transactions, provides context-based authentication and Web fraud prevention to help companies accelerate revenue, reduce costs and eliminate friction. ThreatMetrix protects more than 1,900 customers and 9,000 websites across a variety of industries, including financial services, enterprise, e-commerce, payments, social networks, government, and insurance. For more information, visit www.threatmetrix.com or call 1-408-200-5755.
