Adobe systems has issued an important patch for its Flash browser plugin software. As Reuters reports, Adobe has issued this patch to remedy a security flaw that made users vulnerable to drive-by ransomware attacks. This vulnerability was a so-called 0-day one, and has been exploited by a type of ransomware known as 'Cerber' since the end of March.
Ransomware has grown in prominence in tech and general news headlines recently. Typically, once the ransomware malware files become active on your computer system, your personal folders, or even complete drives, can be encrypted. That usually leaves just two possibilities; either pay the attacker for the decryption key, or restore your files/drives from your well maintained backups. It's easy to understand that many will pay handsomely to get access to their files back, which may include important business documents and cherished family photos and videos.
Trend Micro apparently warned Adobe about the Flash flaw allowing drive-by installations of the Cerber ransomware as far back as 31st March. Cerber is interesting as the malware includes speech reminding users and urging users to pay up to regain access to their files.
Adobe's release notes concerning the Flash Player 21 update simply says that it contains "important bug fixes and security updates". You have to find the associated security bulletin to read about the 24 critical vulnerabilities fixed in this release. In these notes Adobe admits that "CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 188.8.131.526 and earlier". CVE-2016-1019 is a "type confusion vulnerability" that could lead to code execution.
Adobe notes that those with auto-updates for Flash enabled should get the update soon. However that hadn't happened for me, so I headed over to Flash.com to grab the update direct. It was annoying to have to opt out of Adobe's optional offers, which I think of as Adobe monetising its software failures.
Windows, Macintosh, Linux and ChromeOS users are all urged to update their Flash Player software.