Adobe Flash zero day puts Android smartphones at risk

Adobe announced yet another zero day flaw in Adobe Flash, potentially affecting Android smartphones

Adobe revealed a critical zero day flaw in Adobe Flash--the second in less than a week. The vulnerability extends even to Adobe Flash on the Android mobile OS, supporting at least one of the reasons laid out by Steve Jobs for not allowing Flash on the iPhone and iPad.

An Adobe spokesperson contacted me and shared that, "A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris and Android operating systems. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh."

In a nutshell, the critical flaw could be exploited to crash the affected system, or may even allow an attacker to gain access and control it to execute additional malicious software. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player, but Adobe is not aware of any attacks exploiting it against Adobe Reader or Acrobat thus far.

The Adobe spokesperson explained, "Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date."

Those best practices are long established among the traditional desktop computing platforms, but users running Adobe Flash on Android smartphones may be left wondering exactly which "best practices" will protect them. Smartphones have grown into palm-based portable computers--with processing power and storage space significant enough to be a worthy target--but smartphone security is not as evolved as its desktop and notebook counterparts.

As Microsoft has improved its software development processes and implemented new security controls in the Windows operating system and other applications, attackers have looked elsewhere to find the chinks in the armor. Adobe has emerged as the virtually ubiquitous low-hanging fruit--with security practices that are not as mature as Microsoft's, and software with potentially exploitable weaknesses available on pretty much every platform out there.

The iPhone and iPad stand uniquely apart from other smartphone and tablet platforms thanks to Apple's very public rejection of Adobe Flash for iOS. While the real reasons probably have more to do with iAd and wanting to exert tighter control over the developer community, security is also a concern that has been cited. Zero day flaws like this one, which potentially impact Android smartphones running Adobe Flash, seem to illustrate the wisdom of that choice.

The Adobe security advisory states, "We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems during the week of September 27, 2010. We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010."

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityGoogleAndroidflashPhonesconsumer electronicsiphone 4Adobe SystemsCell Phones

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?