ALERT!! Adobe Flash Zero Day Vulnerability

Discussion in 'Android News' started by Martin030908, Sep 14, 2010.

  1. Martin030908
    Offline

    Martin030908 DF Super Moderator

    Joined:
    Nov 1, 2009
    Messages:
    8,773
    Likes Received:
    0
    Trophy Points:
    151
    Ratings:
    +0
    [​IMG]

    As Martin030908 reported earlier, there is currently a vulnerability in Adobe Flash that is present on all platforms. Windows seems to be taking the hits right now but it is possible that Android could be a target down the road. For now we suggest disabling flash until a fix is available.

    Adobe has the following to say about a fix.


    Original post below --

    Apparently there is a vulnerability within Adobe Flash that affects Android among other OS's.

    Adobe - Security Advisories: APSA10-03 - Security Advisory for Flash Player

    Droid 2 Forum - Droid Forum - Verizon Droid & the Motorola Droid Forum

    Adobe Flash Player zero-day under attack | ZDNet

    Adobe Flash Zero Day Puts Android Smartphones at Risk - Yahoo! News

    (Edited and Updated by JohnDroid and AranScott)
     
  2. cereal killer
    Offline

    cereal killer DF Administrator Staff Member

    Joined:
    Oct 29, 2009
    Messages:
    11,164
    Likes Received:
    891
    Trophy Points:
    558
    Location:
    Austin, TX
    Ratings:
    +908
    Current Phone Model:
    Nokia Lumia Icon
    Was in beta forever and then they release it with a HUGE vulnerability. Way to go Adobe.

    An Adobe spokesperson contacted me and shared that, "A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris and Android operating systems.

    In a nutshell, the critical flaw could be exploited to crash the affected system, or may even allow an attacker to gain access and control it to execute additional malicious software. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player,
     
  3. Ej4
    Offline

    Ej4 New Member

    Joined:
    Apr 5, 2010
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Ratings:
    +0
    Steve Jobs is giggling
     
  4. RW-1
    Offline

    RW-1 Silver Member

    Joined:
    Nov 29, 2009
    Messages:
    2,249
    Likes Received:
    1
    Trophy Points:
    103
    Location:
    Nazareth, PA
    Ratings:
    +1
    Oh noooooooooooo!

    Oh, wait a minute. Since it is on demand on my browser, I say - meh.
     
  5. Martin030908
    Offline

    Martin030908 DF Super Moderator

    Joined:
    Nov 1, 2009
    Messages:
    8,773
    Likes Received:
    0
    Trophy Points:
    151
    Ratings:
    +0
    Now the question... uninstall Adobe Flash Player until a fix is issued or keep it?
     
  6. DF Smod
    Offline

    DF Smod Silver Member

    Joined:
    Apr 23, 2010
    Messages:
    11,457
    Likes Received:
    92
    Trophy Points:
    163
    Ratings:
    +92
    Well that version that C/K mentions is not the Market Version so if they have moved past it then great, that is what new versions are for, to work out bugs.
     
  7. DF Smod
    Offline

    DF Smod Silver Member

    Joined:
    Apr 23, 2010
    Messages:
    11,457
    Likes Received:
    92
    Trophy Points:
    163
    Ratings:
    +92
    Market Version Number is 10.1.92.10
     
  8. OSX2000
    Offline

    OSX2000 Member

    Joined:
    Apr 6, 2010
    Messages:
    335
    Likes Received:
    1
    Trophy Points:
    18
    Ratings:
    +1
    So the bug's only in 10.1.82.76 and earlier?

    10.1.92.8 is the latest version on Adobe's site, and 10.1.92.10 is what's currently in the Market, so hopefully we're already in the clear.
     
  9. Martin030908
    Offline

    Martin030908 DF Super Moderator

    Joined:
    Nov 1, 2009
    Messages:
    8,773
    Likes Received:
    0
    Trophy Points:
    151
    Ratings:
    +0
    Good details.

    Either means the issue is with the later versions or they just happened to find it in the newer ones.... we'll have to wait and see what Adobe issues to fix this.
     
  10. kennydied23
    Offline

    kennydied23 Member

    Joined:
    Mar 21, 2010
    Messages:
    594
    Likes Received:
    2
    Trophy Points:
    18
    Location:
    Cincinnati, OH
    Ratings:
    +2
    If you click on the first link in the OP it says:

    "Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris, and Adobe Flash Player 10.1.92.10 for Android"
     
  11. Martin030908
    Offline

    Martin030908 DF Super Moderator

    Joined:
    Nov 1, 2009
    Messages:
    8,773
    Likes Received:
    0
    Trophy Points:
    151
    Ratings:
    +0
    What I thought, which leads me to believe they only 'found' this in the newer versions, but it's existed all along.
     
  12. TheOldFart
    Offline

    TheOldFart Active Member

    Joined:
    Nov 26, 2009
    Messages:
    963
    Likes Received:
    27
    Trophy Points:
    28
    Location:
    New York State
    Ratings:
    +27
    Good catch. The version on my Droid is 10.1.92.10. It is 10.1.82.76 on my PC. According to Adobe, that is the latest PC version.
     
  13. srroos
    Offline

    srroos Member

    Joined:
    Mar 30, 2010
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    Ratings:
    +0
    Those are indeed the latest versions, along with Adobe Reader 9.3.4.

    I have uninstalled Flash for now, but my roommate with a non-rooted EVO can't uninstall it since it is a system application. Not cool.
     
  14. Malvado
    Offline

    Malvado DF News Team/Mod Premium Member

    Joined:
    Nov 7, 2009
    Messages:
    1,991
    Likes Received:
    15
    Trophy Points:
    103
    Ratings:
    +15
    actually i dont see the latest version of FLASH listed as vulnerable so idk
     
  15. EvilDobe
    Offline

    EvilDobe Member

    Joined:
    Apr 12, 2010
    Messages:
    174
    Likes Received:
    0
    Trophy Points:
    16
    Ratings:
    +0
    No way.. an Adobe product with a vulnerability?? I would be shocked if they ever released a product without one. I'm leaving Flash on my phone because if we wait until Adobe releases a secure product we'll never get Flash on our phones. If you're concerned with Adobe and vulnerabilities you may as well remove it from your computers too.