20 Aug Yahoo Ads Delivered Malware as Hackers Leverage Flash Security Flaw

Visitors to Yahoo’s main website during the last week in July may have been exposed to malware. On August 3rd, security software company Malwarebytes reported on their blog that they had notified Yahoo as soon as they discovered the security flaw, and that Yahoo immediately took steps to remove the threat. According to Malwarebytes, “malvertising” is particularly insidious because it doesn’t require user interaction; merely browsing the website can cause the computer to be infected. After being redirected through two websites hosted on Microsoft’s Azure cloud platform, users’ computers downloaded the malware.

According to The New York Times’ Bits technology blog, the hackers exploited out-of-date versions of Flash Player. Adobe recommends that users keep their version of Flash up-to-date, and has a sniffer on their Flash download page that tells visitors what version of Flash they’re running. However, in light of repeated security breaches, there are mounting concerns with Flash. In mid-July, Alex Stamos, Chief Security Officer at Facebook, tweeted a call for Adobe to announce a retirement date for Flash. In a subsequent Twitter exchange, he pointed out that newer browsers no longer require Flash for video streaming. Since January, YouTube has used HTML5 by default in Chrome, IE 11, Safari 8.

Designers and animators creating media content will need to include HTML5 in their arsenal of professional skills. However, should Flash be retired in favor of HTML5, chances are security issues won’t be solved. As reported in InfoWorld, although it’s an improvement over Flash, HTML5 brings its own set of complex security flaws.