Newly patched Flash Player bug exploited to deliver crypto ransomware
“It took less than a week for a functional exploit for a recently patched Adobe Flash Player vulnerability to be added to the Magnitude exploit kit, Trend Micro researchers warn.
“We saw a similar incident in March, where exploits for an Adobe Flash Player vulnerability were added to the Nuclear Exploit Kit just a week after the patch was released,” they noted.
Users are urged to update their Flash Player as soon as possible to the latest version (v18.0.0.160) pushed out on June 9, as it solves the vulnerability in question (CVE-2015-3105).
Until they do, they are at risk of getting infected with CryptoWall 3.0, which is the latest malware to be slinged at users via the popular exploit kit.
Users in US, Canada, and the UK are most at risk, followed by users from several European countries, Australia and India.
Flash Player has lately been targeted more frequently by exploit kits, and this situation is likely to continue.
“We recommend that users stay up-to-date with the latest Flash Player version, and this incident is an excellent reminder of just how important it is to do so. We also note that Google Chrome automatically updates its own included version of Flash Player,” they added.”