If you’re using Flash on your machine, it’s time you check for an update and install the latest one available. That’s because last night, Adobe issued an emergency patch for its popular plug-in, which fixes a zero-day flaw that was being exploited in the wild.
The vulnerability was discovered by Japanese security research company, Trend Micro, which explained on its blog that this flaw was already being used by cyber criminals. The Flash exploit was being used in so-called ‘drive-by’ attacks, where a user’s machine can get infected just by visiting a malicious website.
According to Trend Micro this specific zero-day was incorporated in a exploit kit that’s being sold on the dark web in Russia. It’s also being used to infect machines with a type of ransomware called Cerber. This encrypts an infected machine and then demands payment, usually in the form of bitcoins, for the unlock key.
Ransomware has quickly become a major cyber security problem, with numerous users and institutions suffering attacks around the world. What’s worse is that most such institutions end up paying the cybercriminals, fueling a nefarious industry.
That’s why it’s always good to keep your software up to date. If you installed Flash manually, you’ll need to check for updates and install the latest ones as soon as possible. The latest version, which contains the fix to this flaw, is 18.104.22.168. If you only rely on Edge or Chrome as your browsers, these already contain Flash and will get updated automatically.