Last night Adobe released a critical update for its Flash software. The update addresses a zero-day vulnerability that has been used by cybercriminals to infect users running Windows 10 as well as earlier versions of the operating system. A zero day vulnerability refers to a security flaw in software that is not known to its creators or to the general public. Subsequently, the vulnerability can be exploited by cybercriminals to infect or infiltrate computers running the software. Adobe has qualified this as a Critical update, which refers to “A vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.” 

Proofpoint, a security software company, discovered that the vulnerability was incorporated into the Nuclear and Magnitude exploit kits. An exploit kit is a malicious program used to determine a computer’s vulnerabilities and then infect them with a corresponding computer virus. In this case, if the exploit kit discovered a user with the Flash vulnerability or another security hole, it infected them with the Locky or Cerber ransomware. Ransomware is a type of computer virus which restricts users’ access to their own files, essentially disabling their computer and making their documents inaccessible. According to Malwarebytes’ Security Blog, the Cerber ransomware has the ability to talk to the victim using a text-to-speech emulator to announce, “Attention! Attention! Attention! Your documents, photos, databases, and other important files have been encrypted!”

Last year, as a result of several high profile zero-day vulnerabilities affecting Flash, Firefox blocked the Flash Player plugin from its browser. Alex Stamos, Facebook’s head of security, announced on Twitter: “It is time for Adobe to announce the end-of-life date for Flash…” As far back as 2010, Steve Jobs predicted the end of Flash: “Flash is no longer necessary to watch video or consume any kind of web content… Flash isn’t necessary for tens of thousands of developers to create graphically rich applications, including games. New open standards created in the mobile era, such as HTML5, will win on mobile devices.”

If you don’t require Flash player for important tasks, uninstalling the program would increase your online security. If you require Flash you can download the latest critical update here: https://helpx.adobe.com/security/products/flash-player/apsb16-10.html