Adobe announced a "critical vulnerability" in the Flash 10.1 platform for all OS's, including Android, yesterday. While this is an extremely common occurrence (I use it to mark the new moon), it is a little troubling to know that Adobe's infamously-insecure plug-in could be giving evil-doers unsolicited access to Android devices running Flash.

While Adobe was not clear on exactly what malicious activity the exploit could allow on Android devices, the typical "control of a user's system" language is used when describing the implications of the problem. Here's Adobe's full release on the issue, which they hope to resolve by September 27th:

Security Advisory for Flash Player

Release date: September 13, 2010

Vulnerability identifier: APSA10-03

CVE number: CVE-2010-2884

Platform: All


A critical vulnerability exists in Adobe Flash Player and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player for Android.

Read More