Adobe patches up latest Flash exploit that allowed ransomware
Adobe says it has patched the latest major weak spot in Adobe Flash. The exploit for this vulnerability is able to send ransomware to Windows 10 machines, rendering computers unusable.
According to security researchers at Proofpoint, the previously undiscovered vulnerability in Adobe Flash, tracked as CVE-2016-1019, was used by the Magnitude exploit kit to spread Cerber and Locky ransomware. Security software company Sophos explained that the exploit allowed attackers “to send booby-trapped content to your browser’s Flash plugin in such a way that your browser will not only crash, but also hand over control to the attacker in the process”. What sets it apart is that the exploit allowed ransomware to be installed with as little interaction as possible: the user only needs to look at a booby-trapped page to get infected.
The vulnerability can also be exploited on any version of Adobe Flash, including a fully patched instance of Flash. However, the exploit was designed so that it only targeted older versions of Adobe Flash. Security researchers believe that this is a faulty implementation of the exploit, and that it also alerted them to the vulnerability in Flash.
To patch Adobe Flash on your computer (where it really shouldn’t still be installed by now), you can download the latest update from the Adobe Flash Player Download Center if your Flash hasn’t automatically updated itself. Windows, Mac, and Linux users should patch their Flash to the latest possible version, even though the exploit only targets Windows 10 machines – for now.
Source: Adobe via Ars Technica