Adobe has published a new build of Flash Player to the Android Market, closing a security hole it recently became aware of.
Flash Player 10.3.185.23 for Android includes code to correct a cross-site scripting vulnerability that has the potential to be used to interact with websites on your behalf but without your permission. The chance of such an attack being targeted against smartphone users is remote, but there’s no sense in exposing yourself further when a fix is already available.
In addition to the scripting fix, this release also includes the fix from the recent 10.3.185.21 build, which could be used to crash Flash Player but hasn’t been identified as being used in any successful attacks upon users. Again, installing the fix is more of a better-safe-than-sorry move; don’t be too concerned if you forget for a bit.
Sadly, there’s still no progress on some of the existing, known bugs with specific Android devices in Flash Player 10.3. Maybe we’ll just end up having to wait for Flash Player 10.4.