Lately, however, it seems to pendulum has swung back in favor of exploits for Flash Player. Time was, Oracle’s Java plugin was the favorite target of exploit kits, software tools made to be stitched into hacked or malicious sites and foist on visiting browsers a kitchen sink of exploits for various plugin vulnerabilities. ET: Oddly enough, Adobe just minutes ago released an out-of-band patch to fix a zero-day flaw in Flash. Adobe also shipped out-of-band Flash fixes in December and November 2014. This happened most recently in February 2015, and twice the month prior. It’s also not uncommon for Adobe to release emergency fixes for the software to patch flaws that bad guys started exploiting before Adobe even knew about the bugs. The Flash Player plugin is a stellar example of this: It is among the most widely used browser plugins, and it requires monthly patching (if not more frequently). Turns out, not so much.īrowser plugins are favorite targets for malware and miscreants because they are generally full of unpatched or undocumented security holes that cybercrooks can use to seize complete control over vulnerable systems. I’ve spent the better part of the last month running a little experiment to see how much I would miss Adobe‘s buggy and insecure Flash Player software if I removed it from my systems altogether.