Amazon Bans Flash Ads As Malware Danger Grows

Amazon plans to drop Flash-based advertising from its e-commerce websites, after the most widely used browsers placed limits on the technology.

The browser changes are themselves in response to attackers’ increasing use of security vulnerabilities in Flash to launch attacks on users via malicious advertisements.

‘Consistent experience’

As a result, users viewing pages with Flash content often meet with browser prompts that Amazon said could disrupt their experience of its sites.

“This is driven by recent browser setting updates from Google Chrome, and existing browser settings from Mozilla Firefox and Apple Safari, that limit Flash content displayed on web pages,” the company said in a notice to advertisers. “This change ensures customers continue to have a positive, consistent experience on Amazon, and that ads displayed across the site function properly for optimal performance.”

The change is set to take place on 1 September. Earlier this month Adobe patched 34 security bugs in Flash, following a July update that fixed 36 bugs.

The July update was followed by an unscheduled patch fixing two previously unknown issues that were made public when data stolen from Milan-based surveillance company Hacking Team was released.

Browser block

The discovery of those two vulnerabilities prompted Mozilla to block Flash from running by default in its Firefox browser until a patch was released.

Earlier in August, IT security firm Malwarebytes said it discovered that attackers had made use of Yahoo!’s advertising network to spread malicious software that exploited known vulnerabilities in Flash.

“Yahoo!’s website has an estimated 6.9 billion visits per month, making this one of the largest malvertising attacks we have seen recently,” said Malwarebytes senior security researcher Jerome Segura in an advisory at the time.

Are you a security pro? Try our quiz!