Adobe has issued Flash Player security updates for OS X, Windows, Linux, and Chrome OS to address "critical vulnerabilities that could potentially allow an attacker to take control of the affected system" by way of ransomware.
Ransomware is a type of malware that encrypts a user's hard drive and demands payment in order to decrypt it. These type of threats often display images or use voice-over techniques containing instructions on how to pay the ransom.
In this particular "CERBER" attack (via Reuters), affecting Flash-based advertisements, attackers have reportedly demanded between around $500 and $1,000, to retrieve the encrypted files. Adobe says it is aware of Windows 10 being "actively exploited" by this attack, but it is unclear if any Macs have actually been victimized. Just last month, popular BitTorrent client Transmission was temporarily infected with the first ransomware found on the Mac platform.
Currently, all servers hosting these malvertisements are now inaccessible. Some reports mentioned that CERBER is being peddled in the Russian underground market as ransomware-as-service (RaaS). This not only proves the suggestion presented by the configuration file’s code above, but also confirms that we will be seeing more of CERBER in the near future.
Adobe recommends that Flash Player users on Mac update to version 220.127.116.11 through the update mechanism within the software when prompted, or by visiting the Adobe Flash Player Download Center. Adobe Flash Player installations within Chrome, Microsoft Edge, and Internet Explorer for Windows 8.1 or later should be automatically updated with the latest version of each browser. This is the second critical Flash Player security update for OS X and other platforms in the span of one month.