Another Security Problem in Flash Player, Fix Next Week
Adobe can’t seem to catch a break! According to their security bulletin, “A critical vulnerability exists in Adobe Flash Player (…) 10.1.106.16 and earlier versions for Android”. Apparently there is a problem inside the Authplay.dll file that ships with virtually every version of the player. Windows, Mac, and Linux versions are also at risk. “This vulnerability (CVE-2011-0609) could cause a crash and potentially allow an attacker to take control of the affected system.”
As of this writing Flash Player 10.1 is the most current version of the app available in the Android Market with 10.2 expected within the week.
Since the problem exists in version 10.2 of the Flash Player for desktop computers we assume it’s present in the forthcoming 10.2 Flash Player for Android as well. Whether this means the 10.2 update will be delayed to incorporate a fix to address this issue, or whether that fix will come in a forthcoming “10.3” release is unknown at this time. In either event users should not delay installing the 10.2 update (either on desktop or mobile devices) as it contains security patches of its own.