12
Apr
adobeflashplayer_20100610172112

With a great plugin comes great responsibility - to avoid malicious Flash files, that is. A zero-day exploit has been discovered in Adobe Flash that affects all Android versions of the software, Adobe announced today.

The most common vessel for the exploit is (fortunately) a Microsoft document (.doc) email attachment with an embedded Flash file (.swf) - and I'm not aware of any Word document viewers/editors in Android that support embedded Flash. Once the Flash file is executed, the exploiter can run malicious code on the target device. How, or whether, this could affect Android is unknown.

Still, it's important to remember that Adobe's products, ever the target of hackers and shady enterprise, share common elements across operating systems - including, at times, potentially dangerous flaws and exploits.

Presumably, Adobe will be releasing an update to all affected platforms. Given the "Critical" level that Adobe has assigned to the flaw, it'll probably come relatively quickly, too.

Adobe Security Bulletin

David Ruddock
David's phone is whatever is currently sitting on his desk. He is an avid writer, and enjoys playing devil's advocate in editorials, and reviewing the latest phones and gadgets. He also doesn't usually write such boring sentences.

  • http://www.boundlesstechnical.com/ Christina

    Hopefully, they will resolve this problem quickly. I never believe there is no cause for concern. Call me over cautious.

  • http://schpydurx.livejournal.com ProfessorTom

    You can't have it both ways like you do in your headline. Either this is a critical vulnerability or it isn't. The fact that in the same headline you claim there is no cause to worry thus downgrades this security breach to the level of simple bug.

    Words mean things.

    • David Ruddock

      I don't see how that's true at all. The vulnerability itself has been classified by Adobe as "Critical" - that is the terminology they use, and that classification applies to the exploit on all platforms.

      It is the fact that the mechanism for delivery is unlikely to work on Android device that lowers the cause for concern.

      By that logic a class 5 tornado in the middle of Antarctica cannot be both potentially deadly and also unlikely to result in any deaths.

      • http://schpydurx.livejournal.com ProfessorTom

        Yeah, I was wondering if that was Adobe's lingo. Since that's the case, I will concede the point that your headline is accurate, but words are getting in the way of what you are trying to say.

        This leads me to a gripe about our industry: with superlatives heaved upon everything, it's a wonder that consumers or professionals alike have a clue of the State of the Product. For instance, if Adobe thinks that this is a critical vulnerability (which, to them, it damn well should be) that's one thing. But how should tech journalists report this news without wasting words?

        We need attention-grabbing superlatives to alert us to the truly detrimental, but at the same time we need to filter out the noise.

        Thoughts?

    • Kane

      I kind of see your point but I have to agree with David on this one.

  • johnny99

    Critical for Adobe if it affects all platforms. Less critical for Android users.

  • kimberly

    Mo.more flas!!!! Html5...... ;) just kidding. I don't know how to program and I love flash for my website... thank god for drag.and.drop.

Quantcast