Over the last few days we've seen reports of in-the-wild attacks against a zero-day flaw in Adobe's Flash Player. According to the company, the vulnerability exists in Flash Player 10.1.82.76 (Windows, Mac, Linux, Solaris, Android) and earlier versions, however it also affects Adobe Reader 9.3.4 (Windows, Mac, Unix) and earlier, and Adobe Acrobat 9.3.4. (Windows, Mac) and earlier.
"This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in a security advisory dated for September 13. "There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows."
As indicated, Android devices could be affected by the issue. Thanks to the latest Android update--version 2.2 (Froyo)--consumers can now enjoy the full benefits of Adobe Flash on their Android devices. While the support for Flash-based content on the Internet is certainly a welcome one, the security problems associated with Flash is not.
The current version of Flash Player sitting on the Android Market is v10.1.92.10, weighing at 4.23 MB before installation, and a meatier 12.39 MB after installation (with no SD card support). Currently there are no reports of Android devices being affected by the issue, nor is there any indication that the recent Flash Player update for Android patches the security hole.
Adobe is expected to push a fix "into the wild" for all platforms in about two weeks. Android consumers not wanting to deal with security risks that accompany Flash can simply uninstall the Flash Player and go about their business. Users are still encouraged to download and install security software for their devices such as Lookout Antivirus, Antivirus Pro, and other security apps.