The trio of recent Adobe Flash zero-day vulnerabilities prove that legacy, signature-based solutions do not work, according to members of the security community.
The first two Flash zero-days were uncovered by Adobe in January and are known to have been actively targeted by hackers.
The third flaw followed soon after when researchers at Trend Micro reported seeing another Flash zero-day in February.
Bharat Mistry, cyber security consultant at Trend Micro, told V3 that the flaws are dangerous as they can be exploited to evade traditional defences.
"All the recent zero-days pose significant problems as traditional signature-based tools and solutions are not capable of detecting them," he said.
"At one end of the spectrum the zero-days are used for the resurgence of ransomware with new derivatives such as Cryptowall.
"At the other end of the spectrum, the exploit can be used to establish a point of presence in an organisation and then silently move around the network compromising devices and looking for intellectual property or sensitive data."
Dave Palmer, director of technology at Darktrace, cited the flaws as proof of the need for self-learning, intelligence-based defences.
"The bottom line here is that organisations are simply unable to deploy these kind of quick-fix patches at the rate that serious vulnerabilities are now being discovered," he said.
"The legacy, rules-based approach to security will always be a step behind, therefore, because it is not possible to predict what the next vulnerability will be.
"Businesses concerned about protecting themselves from the next threat around the corner need a new approach, like an immune system, that focuses on detecting successful hacks, whether these are zero-days or older."
Andy Manoske, senior product manager at AlienVault, added that businesses that ignore researchers' warnings will be at constant risk as services like Flash will never be fully secure.
"Flash is architecturally complicated. It's not really a single platform so much as a zoo of different operating system clients that agree on a series of protocols and features," he explained.
"Complexity like this has a tendency to create issues due to things like implementation errors and race conditions, thereby creating the opportunity for exploitable vulnerabilities to be accidentally created and missed in quality assurance."
Adobe had not responded to V3's request for comment on the researchers' concerns at the time of publishing.
Flash is one of many commonly used technologies to be criticised by the security community.
Microsoft's Internet Explorer came under scrutiny in 2014 after 200 vulnerabilities in the browser were fixed as part of Microsoft's Patch Tuesday updates.
Oracle's Java has been similarly criticised. Oracle released a critical patch update in January fixing 167 vulnerabilities across hundreds of its products, including Java, warning that the worst of them could be remotely exploited by hackers.