Adobe announced on their website yesterday that they have received word about a vulnerability in Adobe Flash Player 10.1.92.10 for Android, as well as similar versions for Windows, Macintosh, Linux, and Solaris. The vulnerability may allow an individual attacking your computer to gain control of the device's system.
[UPDATE] The security flaw for Android is now fixed, according to Android Central.
Adobe Acrobat and Reader are also vulnerable, but Adobe says that they are not aware of any attacks exploiting them. A fix for the "cirtical vulnerability" is being finalized right now for Adobe Flash Player, and they expect to have it ready "during the week of September 27, 2010." Adobe Acrobat and Reader are expected to receive a fix "during the week of October 4, 2010."
Android Central advises Android users with Adobe Flash Player to "be on the lookout for an update", even though we haven't heard anything yet regarding attacks on Android devices. Android Central also believes that "this likely has potential to exploit and root an Android phone much like was used on the Evo 4G a while back."
Below is a list of the software verisons at risk:
- Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android
- Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX
- Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh
Phandroid does some pondering over the whole situation:
Scary stuff. I’m sure we’ll be fine until Adobe gets this rolled out to everyone, but it’s one of those things that makes you think. And after you think, you quickly forget about it as you head on back to Kongregate to play more Flash games.
Image from Phandroid