Adobe Flash has a security flaw that has gone unpatched. The flaw was noted by an Italian security firm some time ago, but kept secret. Adobe is working on a fix for the flaw though nothing has been done to protect the program yet.
The flaw is currently being used by hackers to attack user computers, and to leak more than 400GB of data from Adobe’s servers.
The Damage
While Adobe claims that the company is working on a plan to patch the flaw, the company warns that any system that does come under attack could be completely compromised. If this happens, a hacker could take completely control of a system. This currently means that a number of hackers will use the flaw to their advantage before it is fixed by Adobe.
What does this particular flaw do? Once hackers have managed to tap into a system, a user’s data will become encrypted. The only way to unlock this encryption is to pay a ransom amount. A pop up screen will demand that amount, and only after the amount has been paid will the user account data be unlocked. So far, many have fallen victim to this hack. So far, hackers have used information gathered about companies to exploit those companies by releasing sensitive data via Twitter and through other social means.
What You Can Do
Until Adobe fixes the flaw, it’s best to be careful about visiting websites that are not trusted. It’s also a good idea to choose the ‘Click to Play’ option instead of letting untrusted or unknown flash files play randomly. Otherwise, those files could be activated without a user knowing, and this could cause more vulnerability.
Why Adobe isn’t fixing this flaw sooner remains to be seen, but company spokespeople have told press that the company is working on the flaw. It could be a while before the flaw is patched completely and all security fears are eliminated. But since hackers are likely building the flaw into various kits, that flaw might not be fixed soon enough. If you do use Adobe Flash, make sure that the program has to ask permission to play a video in order to protect your system from hacks.
Paying the Ransom
If your system has already been hacked into, you may not have a choice but to pay that ransom amount in order to get your account information back. Unfortunately, details of this hack were published too late for many Adobe Flash users to hear about it. This means that a lot of people have already paid hackers a certain amount to obtain locked and encrypted information. If you can avoid using Adobe Flash until the hack is fixed, that’s a good course of action as well.
Adobe has issued a statement letting Flash users know that the company is working on that fix, but nothing has been done so far. If you can’t avoid using Flash, make sure to follow the protective steps listed above. Otherwise, your information could be encrypted and held for ransom.