MBAE2Back in July we reported that a Flash zero-day vulnerability had been discovered. In fact had it not been for the hack on hacking group Hacking Team, there is a good chance the vulnerability might have gone on undiscovered for goodness knows how long. That being said, the discovery led to some security experts calling on Flash to be retired for good.

Advertising

In case you’re thinking that maybe it’s too premature, think again. According to a recent discovery, it seems that hackers have actually been taking advantage of another Flash vulnerability and for the past seven days, they have actually used Yahoo’s ad network to distribute malicious bits of code.

The malware was hidden inside Yahoo’s ads which rely on Flash, meaning that anyone who visited a website with Yahoo ads could potentially have been infected. This was discovered by the folks at Malwarebytes where according to one of the researchers Jérôme Segura, “Right now, the bad guys are really enjoying this. Flash for them was a godsend.”

Malwarebytes has since gotten in touch with Yahoo where the issue has since been promptly fixed, and with Yahoo issuing a statement that reads, “Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action and will continue to investigate this issue.”

In the meantime we have seen websites and services like Twitch change from Flash to HTML5, and with Mozilla blocking Flash content on their Firefox browsers by default.

Filed in Web. Read more about , and .

Related Articles on Ubergizmo