ALERT!! Adobe Flash Zero Day Vulnerability

[Martin030908]

As Martin030908 reported earlier, there is currently a vulnerability in Adobe Flash that is present on all platforms. Windows seems to be taking the hits right now but it is possible that Android could be a target down the road. For now we suggest disabling flash until a fix is available.

Adobe has the following to say about a fix.

We are in the process of finalizing a fix for the issue and expect to provide an update for Adobe Flash Player for Windows, Macintosh, Linux, Solaris, and Android operating systems during the week of September 27, 2010. We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010.

Original post below --

Apparently there is a vulnerability within Adobe Flash that affects Android among other OS's.

Adobe - Security Advisories: APSA10-03 - Security Advisory for Flash Player

Droid 2 Forum - Droid Forum - Verizon Droid & the Motorola Droid Forum

Adobe Flash Player zero-day under attack | ZDNet

Adobe Flash Zero Day Puts Android Smartphones at Risk - Yahoo! News

(Edited and Updated by JohnDroid and AranScott)

 

[cereal killer]

Was in beta forever and then they release it with a HUGE vulnerability. Way to go Adobe.

An Adobe spokesperson contacted me and shared that, "A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris and Android operating systems.

In a nutshell, the critical flaw could be exploited to crash the affected system, or may even allow an attacker to gain access and control it to execute additional malicious software. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player,

 

[Ej4]

Steve Jobs is giggling

 

[RW-1]

Oh noooooooooooo!

Oh, wait a minute. Since it is on demand on my browser, I say - meh.

 

[Martin030908]

Now the question... uninstall Adobe Flash Player until a fix is issued or keep it?

 

[DF Smod]

Well that version that C/K mentions is not the Market Version so if they have moved past it then great, that is what new versions are for, to work out bugs.

 

[DF Smod]

Market Version Number is 10.1.92.10

 

[OSX2000]

So the bug's only in 10.1.82.76 and earlier?

10.1.92.8 is the latest version on Adobe's site, and 10.1.92.10 is what's currently in the Market, so hopefully we're already in the clear.

 

[Martin030908]

Market Version Number is 10.1.92.10

Good details.

Either means the issue is with the later versions or they just happened to find it in the newer ones.... we'll have to wait and see what Adobe issues to fix this.

 

[kennydied23]

Market Version Number is 10.1.92.10

If you click on the first link in the OP it says:

"Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android"

 

[Martin030908]

Market Version Number is 10.1.92.10

If you click on the first link in the OP it says:

"Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android"

What I thought, which leads me to believe they only 'found' this in the newer versions, but it's existed all along.

 

[TheOldFart]

Well that version that C/K mentions is not the Market Version so if they have moved past it then great, that is what new versions are for, to work out bugs.

Good catch. The version on my Droid is 10.1.92.10. It is 10.1.82.76 on my PC. According to Adobe, that is the latest PC version.

 

[srroos]

Good catch. The version on my Droid is 10.1.92.10. It is 10.1.82.76 on my PC. According to Adobe, that is the latest PC version.

Those are indeed the latest versions, along with Adobe Reader 9.3.4.

I have uninstalled Flash for now, but my roommate with a non-rooted EVO can't uninstall it since it is a system application. Not cool.

 

[Malvado]

Now the question... uninstall Adobe Flash Player until a fix is issued or keep it?

actually i dont see the latest version of FLASH listed as vulnerable so idk

 

[EvilDobe]

No way.. an Adobe product with a vulnerability?? I would be shocked if they ever released a product without one. I'm leaving Flash on my phone because if we wait until Adobe releases a secure product we'll never get Flash on our phones. If you're concerned with Adobe and vulnerabilities you may as well remove it from your computers too.