Mozilla Temporarily Blocks Flash By Default In Firefox Following Security Woes
This has been a bad month for Adobe and its Flash software. A well-known Italian hacking group called Hacking Team, which sells software exploits to various governments, was itself hacked last week, and among the 400GB of source code and other internal data that was stolen and leaked in the security breach were details on unpatched vulnerabilities in Adobe Flash.
"A critical vulnerability (CVE-2015-5119) has been identified in Adobe Flash Player 220.127.116.11 and earlier versions for Windows, Macintosh and Linux. Successful exploitation could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of reports that an exploit targeting this vulnerability has been published publicly. Adobe expects to make updates available on July 8," Adobe said at the time.
Then just yesterday, researchers discovered two more zero-day vulnerabilities in Adobe's Flash Player browser plugin. Just like the previous one, the vulnerabilities came to light via a data dump of documents that were stolen from Hacking Team.
What's worrisome is that this could be just the beginning of many more zero-day vulnerabilities to come. It's not as though Adobe's Flash Player has a favorable history when it comes to security, and even if this is the last of the data dumps, Mozilla made the right move here since the latest threats are unpatched.