Over the last several years, attackers continued to target client systems. Client systems are favored over servers since client computers are a target rich environment. One area that’s a growing threat for clients are exploits that target remote-code execution. Adobe Flash is one application that is vulnerable to remote-code execution attacks.
Flash vulnerabilities are incredibly attractive to hackers as they offer an easy way to exploit client systems. New reports indicate that the March 2011 attack against RSA used a Flash exploit to gain access to their corporate network. While keeping Flash and other applications up to date can help, it’s not a complete solution. If an application is vulnerable to a zero day attack, there’s no patch that is yet available.
For users this means patching can help, but they must also be diligent and cautious about what attachments they open and practice caution when visiting websites or opening suspicious emails.