This latest exploit is especially nasty as it uses a security hole found within Flash to allow nefarious parties to infiltrate Windows 10 machines and install ransomware. As we’ve seen by recent ransomware outbreaks at hospitals around the country, this is serious business.
The exploit was initially discovered by Trend Micro researchers on March 31st, while fellow security researchers Proofpoint, Sophos and FireEye have narrowed down the scope of affected systems and the attack vectors.
“Equipped with a weapon that could pierce even the latest armor, [the threat actors] only used it against old armor, and in doing so exposed to security researchers a previously unreported vulnerability,” writes the researchers at Proofpoint.
“The bug allows an attacker to send booby-trapped content to your browser’s Flash plugin in such a way that your browser will not only crash, but also hand over control to the attacker in the process,” adds Paul Ducklin of Sophos’ Naked Security blog. “There’s no need to take any additional action such as clicking [OK] on a download dialog, or clicking [Ignore] on a security pop-up: drive-by malware infections generally happen, well, in a flash.”
For its part, Adobe has issued a fix that all Flash users are encouraged to install promptly. The company writes in a security bulletin:
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 126.96.36.1996 and earlier.
While it’s nice that an update has been released to help mitigate this latest Adobe Flash exploit, the only way to keep your systems safe is to simply disable or uninstall Adobe Flash altogether. Or better yet, we could just nuke it from orbit; it’s the only way to be sure.