
Android Vulnerable to New Flash Player Hacks

Source: Adobe

Android owners can't even escape a new vulnerability found in Flash Player.

Adobe's latest security bulletin warns that a critical vulnerability exists in the new Flash Player 10.2.152.33 and earlier for Windows, Mac, Linux and Solaris platforms. The vulnerability also exists in the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.1), and earlier 10.x and 9.x versions of Reader and Acrobat for Windows and Macintosh operating systems.

And for those Android users who just couldn't wait for the arrival of Froyo and its built-in support for Flash (cough), the vulnerability also exists in Flash 10.1.106.16 and earlier for the Android platform. Welcome to the Flash club.

According to Adobe, the "CVE-2011-0609" vulnerability could cause a crash and potentially allow an attacker to take control of the affected system/device. So far, Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by the current issue.

"There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment. At this time, Adobe is not aware of attacks targeting Adobe Reader and Acrobat," the company said. "Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing."

Kaspersky Lab security researcher Roel Schouwenberg said in a blog post that the target must open a malicious XLS file for a vulnerability in Flash to be exploited. "This kind of structure is a perfect setup for targeted attacks," he said. "During testing, the particular exploit was not able to run successfully on Windows 7. It did work on Windows XP. It's likely though a ROP-exploit would be able to exploit this vulnerability under Windows 7."

Although Adobe didn't get into specifics, the company said an update for Flash Player 10.x and earlier will head to Windows, Macintosh, Linux, Solaris and Android during the week of March 21, 2011. An update for Adobe Acrobat X (10.0.1) and earlier, 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.1) for Macintosh, and Adobe Reader 9.4.2 and earlier 9.x versions will be made available that same week.

"Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011," Adobe said.

Owners of the new Motorola XOOM tablet, which just received Flash Player support, may want to delay installing Flash until Adobe releases a fix. Then again, all users are warned not to open XLS email attachments that were not requested.
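
The delivery vector Adobe describes, a Flash (.swf) file embedded in an Excel (.xls) attachment, is something a mail gateway can screen for. The Python below is an added example, not code from Adobe, Kaspersky or this article; the function names and the sample bytes are constructed for illustration, and it checks only for the standard SWF signatures (`FWS`, `CWS`) inside an OLE2 container.

```python
import struct
import zlib

# Magic bytes of the OLE2 compound file format used by legacy .xls workbooks.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def find_embedded_swf(data, max_version=50):
    """Return (offset, signature, version, declared_length) for each plausible SWF header."""
    hits = []
    for sig in (b"FWS", b"CWS"):          # uncompressed / zlib-compressed SWF
        start = 0
        while (pos := data.find(sig, start)) != -1:
            start = pos + 1
            if pos + 8 > len(data):
                continue
            version = data[pos + 3]
            (length,) = struct.unpack_from("<I", data, pos + 4)
            if not 1 <= version <= max_version or length < 9:
                continue                   # implausible version byte or length field
            if sig == b"FWS":
                if length > len(data) - pos:
                    continue               # uncompressed movie cannot exceed its container
            else:
                hdr = data[pos + 8:pos + 10]
                # A CWS body starts with a zlib header: deflate method, valid check bits.
                if len(hdr) < 2 or hdr[0] & 0x0F != 8 or (hdr[0] << 8 | hdr[1]) % 31:
                    continue
            hits.append((pos, sig.decode(), version, length))
    return sorted(hits)

def scan_attachment(data):
    """Flag an OLE2 document that carries a plausible embedded SWF."""
    is_ole2 = data[:8] == OLE2_MAGIC
    hits = find_embedded_swf(data)
    return {"ole2": is_ole2, "swf": hits, "suspicious": is_ole2 and bool(hits)}

def build_sample():
    """Constructed test input: OLE2 magic, a text decoy, one FWS and one CWS header."""
    body = b"\x00" * 32
    fws = b"FWS" + bytes([10]) + struct.pack("<I", 8 + len(body)) + body
    cws = b"CWS" + bytes([10]) + struct.pack("<I", 8 + len(body)) + zlib.compress(body)
    return OLE2_MAGIC + b"\x00" * 504 + b"FWS report " + fws + b"\x00" * 16 + cws

if __name__ == "__main__":
    print(scan_attachment(build_sample()))
```

This is a raw byte scan: it does not reassemble streams split across non-contiguous OLE sectors, so treat a hit as a triage signal for quarantine and review rather than a verdict.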


Comments

joytech22 03/16/2011 3:01 AM

Almost nobody is silly enough to open attachments like those or dangerous websites, but of course those less knowledgeable could unknowingly be infected.

milktea 03/16/2011 4:36 AM

I haven't used Flash for a long time. It's been disabled since I've installed Firefox 3.6. Hope Flash would phase out soon.

HappyBB 03/16/2011 6:38 AM

Someone please quickly replace Adobe! I can't stand that their products keep having security vulnerabilities given that they are not as complex as an OS, and I am so tired of seeing Flash Player/Reader updates each time I boot up my system or use their products! HTML5, please replace Flash completely ASAP! Someone please replace the Reader as well!

martel80 03/16/2011 9:05 AM

You have an alternative to Adobe's Reader, like Foxit pdf reader.

virtualban 03/16/2011 9:53 AM

martel80 :
You have an alternative to Adobe's Reader, like Foxit pdf reader.


Was just about to say that, then I refreshed guessing somebody would have said that exactly, and you did. :)

eddieroolz 03/16/2011 10:21 AM

The day we can stop using Flash is the day we have a big win against malware.

torque79 03/16/2011 12:40 PM

Does Android even have native support for .xls files? I have never tried opening one, but I know I haven't installed any apps for Excel support.

Anonymous 03/16/2011 2:27 PM

I'm not a big fan of Flash but I really don't see how getting rid of it will get rid of malware. Hackers have fun finding ways to exploit systems at every level and exploits for HTML5 will eventually make their way out. Some websites are now starting to use HTML5 ad banners. There really is no way around these problems and getting rid of Flash will do little to solve any of this.

maestintaolius 03/16/2011 10:04 PM

eddieroolz :
The day we can stop using Flash is the day we have a big win against malware.


People will just figure out how to exploit some other flaw in the next big thing. It's never going to be a war you can win.

scuba dave 03/16/2011 10:05 PM

joytech22 :
Almost nobody is silly enough... ...those less knowledgeable could unknowingly be infected.



It is because of that reason alone (well, that and irrational consumer fear..) that Norton and the like have been able to thrive. Everyone thinks they won't be infected. But unfortunately, most people are less knowledgeable and end up compromised. And I fully expect a rather large number to fall victim to this. Number wise.. Not proportional.

ohseus 03/17/2011 1:58 AM

Odd, I don't see the people who always complain that the iPhone doesn't run Flash commenting on this article.

mayankleoboy1 03/17/2011 6:14 PM

Quote: I haven't used Flash for a long time. It's been disabled since I've installed Firefox 3.6. Hope Flash would phase out soon.


Not in the next 2 years.