“It didn’t take long for exploit kit authors to incorporate an exploit for the recently discovered zero-day Adobe Flash vulnerability (CVE-2015-3113) into their malicious wares.
According to malware researcher Kafeine, the Magnitude exploit kit has been successfully exploiting Flash 22.214.171.124 on IE11 in Windows 7 since Saturday, only four days after the flaw was patched by Adobe with an out-of-band update.
Magnitude EK is currently dropping Cryptowall ransomware onto unsuspecting users.
Magnitude EK authors have lately been swift at implementing exploits for Flash Player bugs. It’s only a matter of time until other developers add this latest exploit to their kits.
According to the numbers provided to me by Secunia, on Friday, June 26, some 95 percent of global users have a version of Adobe Flash installed, and 55 percent of these users have an unpatched version of Flash. The latter percentage is a bit lower in the US (50%).
These numbers are huge, and it’s easy to see why Flash Player vulnerabilities are loved by cyber crooks.
If you haven’t already, patch your Flash Player installation immediately. Adobe Flash Player installed with Google Chrome and with Internet Explorer on Windows 8.x will automatically update to the latest version, but standalone installations won’t if you haven’t set them up to update themselves automatically.
It’s also a good idea to consider removing Flash Player altogether from your machine, if you don’t have much use for it. You can always enable the click-to-play feature present in popular web browsers in order to minimize the risk.”