Adobe issued a security update April 7 that addresses what the software maker calls “critical vulnerabilities” in its Flash Player that could allow intruders to take control of a victim’s computer.
The vulnerability affects Flash running on Windows, Mac, Linux, and Chrome OS operating systems. Trend Micro, one of the companies involved in spotting the issue, said that the vulnerability was found to be spreading what’s been called the “Locky ransomware.” Ransomware is a type of malware (malicious software) that essentially holds a victim’s computer hostage. The attacker typically blocks off access to the system until a sum of money is paid over the Internet.
Adobe is urging users to update their Flash Player as quickly as possible. To do this, right click on Flash content in your browser and select “About Adobe Flash Player” to see which version you’re running. You can also check this by navigating to Adobe’s version information page here. This will tell you if your computer is running an outdated version edition of Flash.
Adobe notes that the vulnerability has been actively exploited on devices running Windows 10 and earlier with Flash Player version 22.214.171.1246 and earlier.
Researchers from Trend Micro’s Zero Day Initiative, Google’s Project Zero, Microsoft’s security team, FireEye, and others are credited with discovering the problem. Adobe hasn’t said how many users have been affected by the ransomware.