1. DroidForums.net is currently undergoing a major software upgrade. If you are experiencing any problems logging in please: Contact Us

ALERT!! Adobe Flash Zero Day Vulnerability

Discussion in 'Android News' started by Martin030908, Sep 14, 2010.

  1. Martin030908
    Offline

    Martin030908 Super Moderator

    Joined:
    Nov 1, 2009
    Messages:
    8,805
    Likes Received:
    0
    Trophy Points:
    0
    [​IMG]

    As Martin030908 reported earlier, there is currently a vulnerability in Adobe Flash that is present on all platforms. Windows seems to be taking the hits right now but it is possible that Android could be a target down the road. For now we suggest disabling flash until a fix is available.

    Adobe has the following to say about a fix.


    Original post below --

    Apparently there is a vulnerability within Adobe Flash that affects Android among other OS's.

    Adobe - Security Advisories: APSA10-03 - Security Advisory for Flash Player

    Droid 2 Forum - Droid Forum - Verizon Droid & the Motorola Droid Forum

    Adobe Flash Player zero-day under attack | ZDNet

    Adobe Flash Zero Day Puts Android Smartphones at Risk - Yahoo! News

    (Edited and Updated by JohnDroid and AranScott)
  2. cereal killer
    Offline

    cereal killer Administrator Staff Member

    Joined:
    Oct 29, 2009
    Messages:
    11,016
    Likes Received:
    634
    Trophy Points:
    113
    Location:
    Austin, TX
    Was in beta forever and then they release it with a HUGE vulnerability. Way to go Adobe.

    An Adobe spokesperson contacted me and shared that, "A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris and Android operating systems.

    In a nutshell, the critical flaw could be exploited to crash the affected system, or may even allow an attacker to gain access and control it to execute additional malicious software. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player,
  3. Ej4
    Offline

    Ej4 New Member

    Joined:
    Apr 5, 2010
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    0
    Steve Jobs is giggling
  4. RW-1
    Offline

    RW-1 New Member

    Joined:
    Nov 29, 2009
    Messages:
    2,255
    Likes Received:
    1
    Trophy Points:
    0
    Location:
    Nazareth, PA
    Oh noooooooooooo!

    Oh, wait a minute. Since it is on demand on my browser, I say - meh.
  5. Martin030908
    Offline

    Martin030908 Super Moderator

    Joined:
    Nov 1, 2009
    Messages:
    8,805
    Likes Received:
    0
    Trophy Points:
    0
    Now the question... uninstall Adobe Flash Player until a fix is issued or keep it?
  6. DF Smod
    Offline

    DF Smod New Member

    Joined:
    Apr 23, 2010
    Messages:
    11,477
    Likes Received:
    93
    Trophy Points:
    0
    Well that version that C/K mentions is not the Market Version so if they have moved past it then great, that is what new versions are for, to work out bugs.
  7. DF Smod
    Offline

    DF Smod New Member

    Joined:
    Apr 23, 2010
    Messages:
    11,477
    Likes Received:
    93
    Trophy Points:
    0
    Market Version Number is 10.1.92.10
  8. OSX2000
    Offline

    OSX2000 New Member

    Joined:
    Apr 6, 2010
    Messages:
    336
    Likes Received:
    1
    Trophy Points:
    0
    So the bug's only in 10.1.82.76 and earlier?

    10.1.92.8 is the latest version on Adobe's site, and 10.1.92.10 is what's currently in the Market, so hopefully we're already in the clear.
  9. Martin030908
    Offline

    Martin030908 Super Moderator

    Joined:
    Nov 1, 2009
    Messages:
    8,805
    Likes Received:
    0
    Trophy Points:
    0
    Good details.

    Either means the issue is with the later versions or they just happened to find it in the newer ones.... we'll have to wait and see what Adobe issues to fix this.
  10. kennydied23
    Offline

    kennydied23 Member

    Joined:
    Mar 21, 2010
    Messages:
    595
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Cincinnati, OH
    If you click on the first link in the OP it says:

    "Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android"
  11. Martin030908
    Offline

    Martin030908 Super Moderator

    Joined:
    Nov 1, 2009
    Messages:
    8,805
    Likes Received:
    0
    Trophy Points:
    0
    What I thought, which leads me to believe they only 'found' this in the newer versions, but it's existed all along.
  12. TheOldFart
    Offline

    TheOldFart New Member

    Joined:
    Nov 26, 2009
    Messages:
    963
    Likes Received:
    27
    Trophy Points:
    0
    Location:
    New York State
    Good catch. The version on my Droid is 10.1.92.10. It is 10.1.82.76 on my PC. According to Adobe, that is the latest PC version.
  13. srroos
    Offline

    srroos New Member

    Joined:
    Mar 30, 2010
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    0
    Those are indeed the latest versions, along with Adobe Reader 9.3.4.

    I have uninstalled Flash for now, but my roommate with a non-rooted EVO can't uninstall it since it is a system application. Not cool.
  14. Malvado
    Offline

    Malvado DF News Team/Mod Premium Member

    Joined:
    Nov 7, 2009
    Messages:
    1,993
    Likes Received:
    15
    Trophy Points:
    38
    actually i dont see the latest version of FLASH listed as vulnerable so idk
  15. EvilDobe
    Offline

    EvilDobe New Member

    Joined:
    Apr 12, 2010
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    0
    No way.. an Adobe product with a vulnerability?? I would be shocked if they ever released a product without one. I'm leaving Flash on my phone because if we wait until Adobe releases a secure product we'll never get Flash on our phones. If you're concerned with Adobe and vulnerabilities you may as well remove it from your computers too.
  16. TheOldFart
    Offline

    TheOldFart New Member

    Joined:
    Nov 26, 2009
    Messages:
    963
    Likes Received:
    27
    Trophy Points:
    0
    Location:
    New York State
    I finally read the release by Adobe. This includes all versions of Flash for PC, Mac and Android phones. It not only in for 10.1.82.76 on the PC and Mac, but also 10.1.92.10 for Android. That is the latest market version. Not only Flash, but also all versions of Adobe Reader are affected. Now who doesn't have Flash and Reader on their PC or Mac. So are we supposed to uninstall all Flash and Reader programs, apps, plug-ins from all of our devices? I have tons of pdf files on my PC and a bunch on my Droid too. I uninstalled Flash on my Droid, as it only takes a minute to reinstall it later, but I don't really want to uninstall everything from my 3 family notebooks.
  17. TheOldFart
    Offline

    TheOldFart New Member

    Joined:
    Nov 26, 2009
    Messages:
    963
    Likes Received:
    27
    Trophy Points:
    0
    Location:
    New York State
    From Adobe (first link listed by the OP):

    "A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh."
  18. KevinJ
    Offline

    KevinJ Member

    Joined:
    Dec 24, 2009
    Messages:
    363
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Earth
    Last time there was a reported vulnerability in Acrobat/Reader it had to do with javascript, and all you had to do was go into preferences and disable it.

    Since I don't know what's wrong with it this time, there might not be a workaround.

    My phone's safe, because I never installed Flash on it. Didn't miss it before, didn't see a reason to have it now. :D
  19. EvilDobe
    Offline

    EvilDobe New Member

    Joined:
    Apr 12, 2010
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    0
    I wouldn't worry about it too much. I'm sure you have other mitigating factors to help lower your risk in place (firewall/antivirus/router) on your home PC. Adobe will fix this release & the next will be just as bad if not worse.
  20. Joker
    Offline

    Joker New Member

    Joined:
    Apr 10, 2010
    Messages:
    266
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    BFE
    Just got a txt from VZW stating that I was sent the android 2.2 update including Adobe Flash 10.1. As I never actually downloaded it from the marketplace, does this mean I already have it install? I was under the impression that 2.2 just gave the capability to have it if I wanted it.

    If it means I have it installed, is there a place I could go to uninstall it?

    Thanks