Emergency Flash Update to Combat Ransomware
Adobe released an update to Flash yesterday after it was discovered that a vulnerability was leaving Windows PC's open to a ransomware attack.
Trend Micro informed Adobe a week ago that they were seeing hackers infecting computers with a type of ransomware called Cerber. One unique thing about Cerber is that it actually reads the ransom note to the owner of the infected computer.
The vulnerability being used is a zero day exploit, meaning that hackers are aware of it before the manufacturer. Zero day exploits allow hackers to get a head start on infecting systems because the manufacturer first has to discover that the vulnerability is being used, then they have to come up with a patch for it, then they have to get word out to as many users as possible to apply the update.
Cerber's use of the zero day exploit is a part of the Magnitude Exploit Kit and is available on the internet black market. Exploit kits make it easy for people to buy and implement the hacking tools, which helps them become more widespread. This one in particular sends computers to compromised websites and causes them to become infected by merely visiting the site.
Over a billion computer users have Adobe Flash installed in their web browsers.