If you’re reading this on a computer, it’s pretty likely that you have at least one of these plugins installed: Adobe Flash, Oracle Java or Microsoft Silverlight.
You may have downloaded Flash to play a game or Silverlight to watch a live football match, inside of your web browser. Starting to sound familiar?
Whichever web browser you are using, you should know that using any plugin runs the risk of putting your system – and your data – in increased peril.
Let’s travel back in time for a quick history lesson.
A history of web plugins
The advent of the World Wide Web meant demand for complex, interactive content increased – think animations, games and video, inside of your everyday webpages.
The original Flash Player didn’t become part of Adobe’s portfolio until 2005. Nevertheless, Flash soon became a big name in web technologies: a de-facto standard for embedding media into websites.
The first version of Silverlight was released by Microsoft halfway through 2007, as a contemporary alternative to Adobe’s Flash technology.
Although the underlying technology differs, Microsoft’s intentions were to produce a new framework for interactive content, much like Flash.
Java, however, means different things to different people. In this article, I’m particularly talking about Java “applets” – the mini-applications developed for the Java platform but executed inside your web browser.
Nowadays, interactive content has become even more advanced; many sites use HTML5 to help with this. A quick side note: every webpage you look at is written in a special, vendor-neutral programming language called HTML, where HTML5 is the fifth – and most advanced – revision of the original version.
Flash, Java and Silverlight are all branded frameworks on the path to obsolescence, but the movement away from proprietary software is just one part of the story.
The world of exploits
Unfortunately, the key ability that made each of these plugins so widely accepted – running complex code inside your web browser – is actively abused by cybercriminals and other malicious actors.
New ways to abuse this computing power are being found every day; commonly regarded as “exploits” within the information security industry. What’s more, many of these computer vulnerabilities raise major concerns.
Today’s cybercriminals parcel up many of these exploits into “exploit kits” – multi-pronged packages designed specifically to take advantage of flaws in plugins like Flash and Java.
Gaining this kind of direct to a victim’s computer means the cybercriminal can push ransomware and a plethora of other threats – the sky’s the limit.
In a series of follow-up articles I will describe how you can keep some of the most commonly exploited plugins updated, and – importantly – how you can uninstall them if you wish to shut the door permanently to their exploitation by malicious hackers.