Emergency patch fixes Adobe Flash flaw
Adobe has released an emergency patch for a flaw in its Flash software that was being widely exploited by thieves.
The patch stops the flaw being exploited on some versions of Windows, Apple and Linux operating systems.
In addition, Adobe is investigating reports that another previously unknown flaw is being used in a popular cybercrime kit sold online.
The kit is favoured by gangs who use malicious programs that demand a ransom after they encrypt important files.
Adobe's Flash player is used on many websites to show video and other multimedia content.
Although the flaw was present on older versions of Flash used on different operating systems, analysis suggests that it was being most widely abused through the Internet Explorer browser on Windows machines.
On these devices it was being used to get round separate security measures introduced by Microsoft that tried to stop malware working out where in a computer's memory it could find useful data.
The other new flaw Adobe is investigating has appeared in the Angler exploit kit that many cyber-thieves have adopted. Security researchers said this flaw was being widely used in booby-trapped adverts to compromise vulnerable computers.
Once the malware lands on a machine it then tries different tactics to help its creators cash in. It can scramble files and demand a ransom, seek out banking details, or hijack ads on webpages as people browse.
Adobe said it hoped to produce a patch for this other flaw next week as the latest emergency patch did not fix it.
A report by networking giant Cisco said Angler was the most widely used exploit kit during 2014. It attributed its popularity to its use of a wide range of vulnerabilities found in Flash, Java, Internet Explorer and other Microsoft programs.
Figures gathered by security firm Trustwave suggest that three of the top four exploits abused by cybercrime groups take advantage of flaws in Adobe's Flash, Acrobat and Reader programs.