For the second time in two months, Adobe has released an update to Flash that, if you're running Flash, is more than just a nice-to-have. The software maker urged the more than 1 billion users of Flash to update the product as quickly as possible after security researchers found a bug that's being exploited in "drive-by" attacks which infect computers with ransomware when tainted websites are visited.
Adobe's latest patch fixes a previously unknown security flaw. Such bugs, known as "zero day" bugs, are highly prized because they are harder to defend against since software makers and security firms haven't had the time to figure out ways to block them before they're discovered.
Trend Micro, the anti-virus and anti-malware vendor, said that it had warned Adobe that it had seen attackers exploiting the flaw to infect computers with a type of ransomware known as 'Cerber' as early as March 31.
For more details about ransomware, check our our recent blog: 8 Ways to Protect Yourself From Ransomware.
From the Adobe website:
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Please refer to APSA16-01 for details.
You can download the security update here.
Have you or do you know of anyone who's been hit by ransomware? Share your experience with us in the Comments section below.
On a related note, if you'd like to see how your security precautions stack up, please download our free Cyber Security Report Card and evaluate how you're doing.