Critical Adobe Flash Security Update Needed to Stop Malware-Truth!
Summary of eRumor:
A critical security update for Adobe Flash is needed to prevent malware and ransomware from being installed on users’ computers.
The Truth:
It’s true that a critical security update has been issued for Adobe Flash to prevent third-party attacks that could give hackers control over users’ computers.
In a security bulletin issued on April 7th, Adobe urged users to download a security update to close a loophole that makes the software vulnerable to hackers:
Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and ChromeOS. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that CVE-2016-1019 is being actively exploited on systems running Windows 10 and earlier with Flash Player version 20.0.0.306 and earlier. Please refer to APSA16-01for details.
Click here to read the full security bulletin, and click here to determine what version of Adobe Flash you have and whether or not the update applies to you.
More than a billion people around the world use Adobe Flash, and a security flaw in some versions left computers vulnerable to “ransomeware” attacks in which hackers gain access to computers, encrypt data and force victims to pay a ransom to retain access, Reuters reports:
Adobe’s new patch fixes a previously unknown security flaw. Such bugs, known as “zero days,” are highly prized because they are harder to defend against since software makers and security firms have not had time to figure out ways to block them. They are typically used by nation states for espionage and sabotage, not by cyber criminals who tend to use widely known bugs for their attacks.
Use of a “zero day” to distribute ransomware highlights the severity of a growing ransomware epidemic, which has disrupted operations at a wide range of organizations across the United States and Europe, including hospitals, police stations and school districts.
Ransomware schemes have boomed in recent months, with increasingly sophisticated techniques and tools used in such operations.
This isn’t the first security threat that Adobe users have faced in recent years, either. Back in 2013, cyberattackers targeted Adobe Flash users with malware that was disguised to look like a routine Adobe Flash update. Once victims were tricked into giving their permission for the so-called “update” to be installed, their data was encrypted and ransomed, Symantec reports.
Always make sure anti-virus software is up-to-date, and make sure that updates for software like Adobe Flash is issued directly from the company, not through a third party.