Hackers seeking to leverage a zero-day vulnerability in Adobe Flash made a mess of integrating the flaw into exploit kits, giving users more time to patch vulnerable systems.
According to Malwarebytes security researcher Jerome Segura, the botched integration of an exploit for the Flash zero-day vulnerability CVE-2016-1019 has significantly reduced the pool of potential victims.
Last week, Adobe deployed an emergency patch for the security issue, which impacts users of Windows, Mac, Linux and Chrome operating systems.
If exploited correctly, the type confusion vulnerability has the potential to affect millions of Adobe Flash users, crashing systems or providing an avenue for complete system hijacking.
However, as Segura notes, another saving grace for users is that Adobe also mitigated the problem in Flash Player 18.104.22.168 and 22.214.171.124, which prevents the security flaw from being fully exploited, so that an exploitation attempt leads only to a crash.
Malwarebytes says that the Magnitude exploit kit has been using CVE-2016-1019 in malvertising campaigns -- the deployment of fraudulent and malicious ads across advertising networks designed to dupe users into visiting malicious domains containing the kit -- "for some time."
If a user views a dodgy advert and visits a domain controlled by such a cyberattacker, the exploit kit will use the vulnerability to download the Cerber ransomware.
Once Cerber has infected a vulnerable system, the malware locks users out of their PC, encrypts files and demands between $520 and $1040 to restore functionality.
Users of Adobe Flash should update their systems as soon as possible to protect themselves against this threat.