Adobe issued a security update on April 7 that addresses 24 of what the software maker calls “critical vulnerabilities” in its Flash Player that could allow intruders to take control of a victim’s computer.
The vulnerability affects Adobe Flash running on Windows, Mac, Linux, and Chrome OS operating systems. Trend Micro, one of the companies involved in spotting the issue, said that the vulnerability was found to be spreading what’s been called the “Locky ransomware.” Ransomware is a type of malware (malicious software) that essentially holds a victim’s computer hostage. The attacker typically blocks off access to the system until a sum of money is paid over the Internet.
Adobe is urging users to update their Flash Player as quickly as possible. To do this, right click on Flash content in your browser and select “About Adobe Flash Player” to see which version you’re running. You can also check this by navigating to Adobe’s version information page here. This will tell you if your computer is running an outdated version edition of Flash.
Current version of Adobe Flash is 18.104.22.168 for Windows and Macintosh, and 22.214.171.1246 on Linux. So if your version is older, you should update to the latest version. As usual, the Flash Player build bundled with Google Chrome on all platforms, Microsoft Edge and Internet Explorer for Windows 10 and IE for Windows 8.1 will be upgraded automatically through the update mechanisms of those browsers.
Adobe notes that the vulnerability has been actively exploited on devices running Windows 10 and earlier with Flash Player version 126.96.36.1996 and earlier.