Adobe patches Flash bug that’s being exploited to install ransomware

Adobe has rushed out a Flash update to plug a security hole spotted by infosec researchers, who warned that Windows 10 users of the software may have been exposed to the flaw for more than a week.

Ne’er-do-wells could exploit the flaw by sending ransomware to Windows 10 machines. Adobe said its updates addressed critical vulnerabilities in Flash, and advised users to install the latest version of the software. It said in a security bulletin:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.

Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version and earlier.

Further Reading

Edge to follow Chrome’s lead, make Flash ads click-to-play

Microsoft looks forward to a future where Flash isn’t a part of the Web.

Researchers at Proofpoint—which has a good explainer of the flaw here—worked with other infosec folk to track down the latest security hole in Flash that could be exploited by attackers with a type of ransomware dubbed “Cerber.” The ransomware is understood to have been in the wild since at least March 31.

“The bug allows an attacker to send booby-trapped content to your browser’s Flash plugin in such a way that your browser will not only crash, but also hand over control to the attacker in the process,” Sophos explained ahead of the update being issued by Adobe.

While Adobe claimed that the latest in-the-wild exploits were only targeting Windows 10 users, it would be wise for Flash fans to update the software immediately. Or alternatively, altogether bin it.

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s