Redmond's security brains trust – Tim Rains, Matt Miller, and David Watson – say its patch wrecking ball, applied only to out-of-date Java installations last year, forced 90 per cent of that platform's hackers to move to Flash.
“2014 saw a shift from a balanced targeting of Java and Flash to over 90 per cent focus on Flash,” the team told delegates to RSA San Francisco last week. “The drop in Java exploits corresponds to a new Internet Explorer feature which blocks the use of out-of-date Java.”
Now the battle to build Flashy hacks is heating up. Five of eight new exploits worked into exploit kits last year targeted Adobe, while three of those five were exploited within 10 days of public vulnerability disclosure.
To illustrate the success, the team say the recent HanJuan advertising Flash hole (CVE-2015-0311) bagged more than five million victims.