Adobe has released an emergency fix for a zero-day vulnerability in Flash that has already been exploited by at least one ransomware virus. If you’re running an outdated version of Flash, Adobe urges you to install the emergency patch before your system falls victim to the virus.
Time reports that this latest Flash vulnerability has already been exploited by the “Locky” ransomware, which is a type of malware that is able to hijack a system, lock the user out, and demand payment. If the user agrees to pay a ransom via the Internet, their system is released. If they refuse, they are denied access to their programs and files.
Unlike many computer viruses that are targeted only at Windows, Adobe’s security bulletin reveals that this Flash vulnerability renders multiple platforms vulnerable to virus, malware, or ransomware injection. According to the emergency security bulletin, users running Windows, OS X, Chrome OS and Linux are all advised to update to the latest version of Flash.
According to Naked Security, the Flash vulnerability had already been exploited in the wild prior to the release of the emergency patch, primarily by the “Locky” ransomware, but attacks were limited to Windows systems. Although Windows, OS X, Chrome OS and Linux are all vulnerable if they are running outdated versions of Flash, only systems running Windows 10 or older, and using Flash version 20.0.0.306 or older, are likely to have been compromised.
The way to tell whether or not you need to update Flash, and whether or not you may have already been compromised, is to check your Flash version. You can do that by right-clicking on any Flash video and selecting the “About Adobe Flash Player” option. It may show your Flash Player version right in the dialog box, but if it doesn’t, then clicking that option will take you to a page that displays the version you are running. You can also visit Adobe’s version information page directly.
While you were only at risk of virus, malware or ransomware infection if you were running an outdated version of Flash on Windows, Adobe is urging users of all four aforementioned platforms to update as soon as possible. If you have multiple browsers installed, such as some combination of Internet Explorer, Firefox, Chrome, or others, then it’s important to perform the Flash version check on each browser to avoid any future virus infection hitting your system due to this vulnerability.
USA Today reports that users running Internet Explorer, Edge or Chrome on Windows 8.1 or Windows 10 will be updated automatically, but checking your version just to be sure only takes a moment.
The Flash exploit was identified by Trend Micro, Microsoft, Google, FireEye, and others, according to Time, but Adobe has not released any information about how many Windows users were actually hit by the ransomware virus before it rolled out its emergency patch.
According to USA Today, this is only the latest in a long line of instances where Flash vulnerabilities have been exploited to inject viruses or malware. The late Steve Jobs even posted a 1,700-word rant on the topic in 2010. Flash has since lost market share to HTML5, but USA Today reports that there are still more than 1 billion Flash users worldwide, and it is still widely used to display video and advertising on the Internet.
Ars Technica reports that some companies responsible for popular browsers, including Apple, Microsoft and Google, are moving toward making Flash ads click-to-play, rather than allowing them to load automatically. Following in Steve Jobs’ footsteps, Microsoft has even stated that it looks forward to “a future where Flash is no longer necessary as a default experience in Microsoft Edge.”
Was your system vulnerable to viruses or malware due to this Flash exploit, or did you hit the emergency update the moment it came out?
[Photo by Sean Gallup/Getty Images News]