Adobe Flash zero day puts Android smartphones at risk

Adobe announced yet another zero day flaw in Adobe Flash, potentially affecting Android smartphones

Adobe revealed a critical zero day flaw in Adobe Flash--the second in less than a week. The vulnerability extends even to Adobe Flash on the Android mobile OS, supporting at least one of the reasons laid out by Steve Jobs for not allowing Flash on the iPhone and iPad.

An Adobe spokesperson contacted me and shared that, "A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris and Android operating systems. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh."

In a nutshell, the critical flaw could be exploited to crash the affected system, or may even allow an attacker to gain access and control it to execute additional malicious software. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player, but Adobe is not aware of any attacks exploiting it against Adobe Reader or Acrobat thus far.

The Adobe spokesperson explained, "Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date."

Those best practices are long established among the traditional desktop computing platforms, but users running Adobe Flash on Android smartphones may be left wondering exactly which "best practices" will protect them. Smartphones have grown into palm-based portable computers--with processing power and storage space significant enough to be a worthy target--but smartphone security is not as evolved as its desktop and notebook counterparts.

As Microsoft has improved its software development processes and implemented new security controls in the Windows operating system and other applications, attackers have looked elsewhere to find the chinks in the armor. Adobe has emerged as the virtually ubiquitous low-hanging fruit--with security practices that are not as mature as Microsoft's, and software with potentially exploitable weaknesses available on pretty much every platform out there.

The iPhone and iPad stand uniquely apart from other smartphone and tablet platforms thanks to Apple's very public rejection of Adobe Flash for iOS. While the real reasons probably have more to do with iAd and wanting to exert tighter control over the developer community, security is also a concern that has been cited. Zero day flaws like this one, which potentially impact Android smartphones running Adobe Flash, seem to illustrate the wisdom of that choice.

The Adobe security advisory states, "We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems during the week of September 27, 2010. We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags GoogleAndroidflashPhonesconsumer electronicsiphone 4Adobe SystemsCell Phones

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Tony Bradley

PC World (US online)
Show Comments

Essentials

Brother MFC-L3745CDW Colour Laser Multifunction

Learn more >

Mobile

Exec

Sony WH-1000XM4 Wireless Noise Cancelling Headphones

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?