Adobe has issued security updates for Flash Player for main operating systems, such as Windows, Chrome OS, Linux, as well as Mac OS X to address critical vulnerabilities that would allow attackers to take control over a computer system by way of ransomware—a type of malware that encrypts a certain computer’s hard drive and then demands payment in exchange for the decryption code. Most of the time, this type of threat uses voice-over techniques or displays images that contain instructions on how to pay the ransom.
Just last month, there were reports of a particular attack, known as Cerber, that affected some advertisements based on Flash, where the attackers demanded between five hundred to a thousand dollars to retrieve the encrypted files. According to Adobe, they were aware of Windows 10 being exploited actively by the malware, but they did not clearly state that if any Mac computer has actually been victimized. However, it was then reported that the popular BitTorrent client, Transmission, was temporarily infected with the first-ever ransomware on the Mac platform. Now, many of the servers that hosted those infected ads are inaccessible. It is said that Cerber is being traded in the Russian underground market as “ransomware-as-service” or RaaS. This means that we will certainly be seeing more of such ransomware in the near future.
Adobe suggests that users of Flash Player on Mac computers should update to the version 184.108.40.206 by visiting the Adobe Flash Player Download Center or through the update mechanism within the freeware when you are prompted. This is known as the second critical Flash security update for OS X (and other operating systems) in the span of 1 month.
Critical Security Vulnerability on Mac
Adobe is aware of the limited targeted attacks operating systems, such as the OS X and Linux. However, considering that this can happen, Mac users are advised to immediately uninstall the web plug-in or update their installation to the newest version when the software is infected. As part of the effort to minimize the risk of ransomeware, Apple has blocked many vulnerable or older versions of web plug-ins from functioning, and these include the Adobe Flash. Web plug-ins even remained blocked in Safari until the latest updates are installed.
If you want a list of the affected Adobe Flash Player and AIR versions, you can check out the company’s security bulletin on their website. More news and information on the Adobe Flash Player for Mac can be found here.