The latest Flash zero-day was used to spread Cerber ransomware
The latest zero-day vulnerability in Adobe Systems’ Flash player has been used over the last few days to distribute ransomware called Cerber, email security vendor Proofpoint said.
Adobe said it would patch the flaw, CVE-2016-1019, on Thursday. The vulnerability affects all versions of Flash Player on Windows, Mac, Linux and Chrome OS.
Ryan Kalember, senior vice president of cybersecurity at Proofpoint, said his company detected an attack trying to exploit the flaw on Saturday.
One of Proofpoint’s customers received an email with a document that contained a malicious macro that led victims through a series of redirects that eventually reached an exploit kit.