Adobe has issued yet another emergency patch designed to patch a critical vulnerability in its Flash Player that’s being actively exploited in the wild.
The vulnerability, which would allow an attacker to take control of an unpatched system, affects Windows, Linux, Macintosh and Chrome OS. As Trend Micro points out, one of the vulnerabilities – CVE-2016-1019 – has been identified as being used by the Magnitude Exploit Kit to spread the Locky ransomware.
As the name suggests, the Locky ransomware is designed to look for and encrypt select files including documents, images, music, videos, archives and databases – you know, the stuff you really don’t want to lose. Once the files are encrypted, the victim is given the option to visit a Tor site and pay a ransom of 0.5 BTC (Bitcoin) to (hopefully) regain access to their files.
The good news here is that most modern browsers including Chrome, Internet Explorer and Microsoft Edge should automatically update their Flash Player plug-in to the latest version, otherwise you'll need to do it manually.
Once a lauded technology prominently used by millions upon millions of computers and mobile devices, Flash has served as a thorn in the side of consumers and security experts for years. Many have since moved on to HTML5, a different type of platform used to present content on the web.
https://www.techspot.com/news/64395-adobe-issues-emergency-patch-fix-vulnerability-used-install.html
