CATEGORIES
home News

Adobe Rushes Emergency Patch For Zero-Day Flash Ransomware Stalking Windows 10 Users

by Brandon HillFriday, April 08, 2016, 11:42 AM EDT

ID4 virus
It’s been a rough week for Adobe and its Flash plugin. This week, Microsoft announced that it is hitting the pause button on unnecessary and excessive Flash content on webpages, and now we’re learning that Adobe had to scramble to patch up yet another zero-day exploit in Flash.

This latest exploit is especially nasty as it uses a security hole found within Flash to allow nefarious parties to infiltrate Windows 10 machines and install ransomware. As we’ve seen by recent ransomware outbreaks at hospitals around the country, this is serious business.

The exploit was initially discovered by Trend Micro researchers on March 31st, while fellow security researchers Proofpoint, Sophos and FireEye have narrowed down the scope of affected systems and the attack vectors.

“Equipped with a weapon that could pierce even the latest armor, [the threat actors] only used it against old armor, and in doing so exposed to security researchers a previously unreported vulnerability,” writes the researchers at Proofpoint.

Adobe Building

“The bug allows an attacker to send booby-trapped content to your browser’s Flash plugin in such a way that your browser will not only crash, but also hand over control to the attacker in the process,” adds Paul Ducklin of Sophos’ Naked Security blog. “There’s no need to take any additional action such as clicking [OK] on a download dialog, or clicking [Ignore] on a security pop-up: drive-by malware infections generally happen, well, in a flash.”

For its part, Adobe has issued a fix that all Flash users are encouraged to install promptly. The company writes in a security bulletin:

Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system. 

Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier.

While it’s nice that an update has been released to help mitigate this latest Adobe Flash exploit, the only way to keep your systems safe is to simply disable or uninstall Adobe Flash altogether. Or better yet, we could just nuke it from orbit; it’s the only way to be sure.

Tags:  Flash, Adobe Flash, Ransomware, Windows 10
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment