LONDON — Got Adobe Flash Player? Update it now.
Adobe has released an emergency update to its Flash Player after security researchers discovered a bug that allows attackers to take over and then crash users’ machines.
In a statement, Adobe called the flaw a “critical vulnerability” and urged users to update as soon as possible.
Proofpoint, a computer security firm, was one of three researchers to identify the flaw, which allows ransomware to be installed on computers that visit an infected website.
Ramsomware typically encrypts users’ files and demands payment in return for unlocking them.
Adobe said it appeared that the flaw was being actively exploited on systems running Windows with Flash Player version 18.104.22.1686 or earlier.
Adobe didn’t say how many users had been affected by the attacks, but Flash Player runs on more than 1 billion connected desktops worldwide.
Flash Player is widely used for watching videos, animations and other multimedia. Flash plug-ins for every major web browser and operating system are available for free.
This is not the first time Adobe software has been targeted. The worst attack came in 2013, when hackers managed to access personal data for nearly 3 million customers.