Adobe announced a "critical vulnerability" in the Flash 10.1 platform for all OS's, including Android, yesterday. While this is an extremely common occurrence (I use it to mark the new moon), it is a little troubling to know that Adobe's infamously-insecure plug-in could be giving evil-doers unsolicited access to Android devices running Flash.
While Adobe was not clear on exactly what malicious activity the exploit could allow on Android devices, the typical "control of a user's system" language is used when describing the implications of the problem. Here's Adobe's full release on the issue, which they hope to resolve by September 27th:
Security Advisory for Flash Player
Release date: September 13, 2010
Vulnerability identifier: APSA10-03
CVE number: CVE-2010-2884
A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android.