Critical Adobe Flash Player Exploit, Android Not Immune
Maybe Steve Jobs had a good idea keeping Adobe products off his portable devices, albeit for the wrong reasons.
According to a spokesperson for Adobe “A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, Solaris and Android operating systems. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh.” (emphasis added)
This is a critical zero day exploitable flaw in Adobe’s Flash which. What’s worse, it’s the second in less than a week!
Though no exploits in-the-wild are known to be specifically targeting Android, the potential is there. As we’ve seen with prior malware on Android, unlike Windows and Mac computers, mobile phones have an automatic revenue stream for the author via premium SMS messages that charge the account for each message sent.
The spokesperson continued, “Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.”
What this means for Android is that users should regularly check the Market for updates to installed apps (especially those by Adobe) and make sure you’re running the latest version. Froyo, Android 2.2 makes this a little easier by allowing users to automatically download updates, as long as the permissions requested by the app don’t change from the prior version — in which case a manual update is required.
When was the last time you made sure all your apps were up-to-date?
(Source: PC World)