Flash Player Zero-Day Could Affect Android Too
Android owners with Froyo installed get both the positive and negative aspects of Adobe Flash.
Over the last few days we've seen reports of in-the-wild attacks against a zero-day flaw in Adobe's Flash Player. According to the company, the vulnerability exists in Flash Player 10.1.82.76 (Windows, Mac, Linux, Solaris, Android) and earlier versions, however it also affects Adobe Reader 9.3.4 (Windows, Mac, Unix) and earlier, and Adobe Acrobat 9.3.4. (Windows, Mac) and earlier.
"This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in a security advisory dated for September 13. "There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows."
As indicated, Android devices could be affected by the issue. Thanks to the latest Android update--version 2.2 (Froyo)--consumers can now enjoy the full benefits of Adobe Flash on their Android devices. While the support for Flash-based content on the Internet is certainly a welcome one, the security problems associated with Flash is not.
The current version of Flash Player sitting on the Android Market is v10.1.92.10, weighing at 4.23 MB before installation, and a meatier 12.39 MB after installation (with no SD card support). Currently there are no reports of Android devices being affected by the issue, nor is there any indication that the recent Flash Player update for Android patches the security hole.
Adobe is expected to push a fix "into the wild" for all platforms in about two weeks. Android consumers not wanting to deal with security risks that accompany Flash can simply uninstall the Flash Player and go about their business. Users are still encouraged to download and install security software for their devices such as Lookout Antivirus, Antivirus Pro, and other security apps.
- Consumer Reports Gives Apple Thumbs Down #2
- Galaxy Tab, 6 WP7 Phones Launching Q4 on AT&T
- Amazon Makes Fun of iPad's Reflective Display
- Walmart Launches Post-pay Wireless Cell Service
- Boy Banned from US After Drunk-emailing Obama
- VCast Apps Google/Verizon Romance Going Sour?
- iPhone 5 Will Use Qualcomm Chipset?
- McAfee: Using ''Free'' In Search Attracts Malware
- Want To Nuke A Website? A Botnet For Hire
- Google Me Confirmed for Possible Fall Launch?
- Nokia Launches 3 New Phones: the C6, C7 and E7
- Google Engineer Fired for Spying on Teenagers
- HTC Announces 2 New 'Desirable' Android Phones
- Nokia Slaps HTC in the Face With 'Survival Kits'
- Logitech Revue Will Be First Google TV Device
- Sony: Apple Devices Aren't a Threat
- PS3 Gets Official 3D Blu-ray Playback Next Week
- Adobe Launches 64-Bit Flash Player ''Preview''
- Bugatti Electric Supercar in the Works
Sounds to me like an excuse for Jobs to still order no Flash support for iPhone.....
Haha...you mean turn it into an iPhone?
Yup, Android is definitely dedicated to "bringing the full PC experience" alright: now users can enjoy the delightful "experience" of having to "mess"?? around with antivirus software and the resulting battery drain.
Pls keep the language clean ...
Come on Adobe, fix your flash for good!
I think of all the major software companies Adobe has the worse optimized and least secure softwares.
Actually no. Oracle, Apple and Microsoft comes first.
Pei-chen is correct. Adobe products (especially lame ducks using their plug-ins in the Browsers) does have lot of bugs, unfortunately your Firewalls always allow those programs
Flash needs to be either replaced by Gnash or html5 or just open-sourced. Too many bugs, security problems, lack of porting to other platforms, and 64-bit support still isn't ready.