Following the news that another Flash zero-day is being exploited in the wild and users have days to wait for a fix, Gavin Millard, Technical Director EMEA at Tenable Network Security commented below.
Gavin Millard, Technical Director EMEA at Tenable Network Security:
“It’s becoming ever more critical that organisations reduce their reliance on Flash within the enterprise, continuously monitoring for usage, uninstalling where possible and enabling click to play where it’s not. Flash has been the favoured attack vector for exploit kit authors for the last 18 months, with many of the ransomware variants leveraging known vulnerabilities to deliver their code.
“More concerning is the delay between the discovery of the flaw, noted back as far as March of this year, the disclosure today and the lack of a patch for the next few days leaving the huge Flash user base exposed.
“Many within the security industry have rightfully been calling for the demise of Flash in the enterprise, this is yet another reason the advice should be heeded.”