Adobe issue alert over ransomware exploit – update FLASH now…
Adobe has issued a security alert and are recommending everyone update their Flash software as soon as possible.
A zero-day exploit in Adobe Flash can allow criminals to deliver ransomware through drive-by malware download attacks that can infect your computer. Adobe has just released a Flash update which we highly recommend you install as soon as possible.
Okay, there was a lot of terminology in that opening sentence, so we’ll break it down to make it a little simpler.
Adobe Flash – the software that allows Internet browsers to display certain dynamic content that some webpages may want to display – has been compromised by what is known as a zero-day exploit. A zero-day exploit is when the bad guys discover a vulnerability in the software before the good guys and start using that vulnerability to launch attacks before the developers get a chance to fix it with an update. We talk about more about zero-day exploits here.
In this case, those bad buys are using the vulnerability to infect computers using what is known as “drive by” malware downloads. This means that the vulnerability allows malware to install just by visiting a webpage. This is important to note, because usually malware can only download onto a computer after the victim is tricked into giving it explicit permission to download. In the case of drive-by downloads, no permission is needed. The vulnerability allows malware to download simply by visiting an infected webpage.
And finally, most of our readers will be familiar with ransomware. We’ve been delivering regular warnings about this dangerous classification of malware for some time now. It’s malware that encrypts the files on your computer – to the point where no one can realistically decrypt them without the decrypt key – and extorts ransom money from the victim for the decryption key. Learn more about ransomware here.
Sponsored Content. Continued below...
So to summarise, an exploit in Flash is allowing criminals to install ransomware onto computers after they visit infected websites, and you need to get the update from Adobe as quickly as possible to ensure you don’t fall victim.
How do you install the latest Flash?
For many, it is through this link here. Visit that link on every browser you use to access the Internet, since many use separate plugins.
However for others, it depends on your computer and what browser you use. The latest version of IE and Chrome include an integrated version of Flash Player and should install the update automatically, though it is worth checking. The update you ideally want is 21.0.0.213, or 21.0.0.182 for Windows 8.1 users using Internet Explorer or Windows 10 users using Microsoft Edge.
Some may be able to update Flash using the Flash control panel app to initiate a manual download. Type “flash” into the Start menu and open Flash Player and hit Updates and then Check Now.
WeLiveSecurity have a pretty in depth tutorial on how different users can check their version and update if necessary here.