Vulnerability in Flash was used to spread ransomware
The recently discovered zeroday in Flash, for which Adobe released a patch on Thursday, is used in Magnitude EK. This exploit kit is used, among other things, to distribute the Locky and Cerber ransomware.
Adobe announced on Wednesday that there is a critical vulnerability in Flash and released a patch on Thursday. The software maker also said that the zeroday, identified as CVE-2016-1019, was actively being abused. Security researchers at Proofpoint have now revealed that the vulnerability was used to infect computers with ransomware.
This would include Locky, a new ransomware variant that has made many victims in recent months. The Cerber ransomware that ‘talks’ to its victims is also distributed using Magnitude EK. The exploit code that uses the zeroday in the Flash Player would also be found in another exploit kit called Nuclear Pack. However, the zero-day would not have been used to spread malware through this tool for malicious parties.
Initially, Adobe stated that only users of Windows XP and Windows 7 were vulnerable, but the company later amended the warning. Windows 10 users were also vulnerable, but only if they were using an older version of the Flash Player. Adobe released a patch on Thursday that fixes the critical vulnerability. Systems that are not provided with the update remain vulnerable.