x PhoneArena is looking for new authors! To view all available positions, click here.
  • Home
  • News
  • Security flaw in Flash 10.2 threatens Android devices

Security flaw in Flash 10.2 threatens Android devices

Posted: , by Nick T.

Tags:

Security flaw in Flash 10.2 threatens Android devices
Adobe has once again posted information regarding a malicious exploit for its widespread Flash software. Unfortunately, among a number of other platforms, the “critical” vulnerability can affect Google's Android mobile OS as well. The threat comes hidden inside of a Microsoft Word file containing embedded Flash content. Adobe reports that hackers are already using the exploit in order to obtain personal data by sending contaminated Word files as email attachments.

According to Adobe's Product Security Incident Response Team (PSIRT), the security “hole” may be exploited by a hacker enabling them to take control over the targeted device and steal personal data. In order for that to happen, it is required that the victim opens the Word file and clicks on the harmful Flash file, embedded inside it. Luckily, a patch from Adobe is on the way, and the vulnerability only affects Android devices running Flash 10.2.154.25 or a version prior to it.

Of course, this isn't the first time Adobe Flash is in the scope of hackers targeting unsuspecting victims. After all, it was less than a month ago when we reported about a quite similar vulnerability. Our advice is to be careful when opening your email attachments, keep your software up to date, and always bear in mind that no mobile platform out there is a hundred percent secure.

source: PSIRT via Android Authority

33 Comments
  • Options
    Close




posted on 12 Apr 2011, 10:35 7

1. derp (unregistered)


"and always bear in mind that no mobile platform out there is a hundred percent secure"

true, but android is alot closer to 0% secure.

posted on 12 Apr 2011, 12:28 8

22. mambo (unregistered)


Do you want a list of iOS security weaknesses?
Do your research to find out which is closer to 0% secure.
Never heard of how celebrity iPhones got hacked with gusto?

posted on 12 Apr 2011, 10:40 9

2. Whateverman (Posts: 3187; Member since: 17 May 2009)


Seems to me that Adobe is trying really hard to prove Steve Jobs right.

posted on 12 Apr 2011, 11:57 3

12. jogutier (Posts: 324; Member since: 12 Feb 2010)


No Crapple fan, because there are viruses for your icrap out there too.

posted on 12 Apr 2011, 12:13 5

17. JeffdaBeat (unregistered)


What's with the anger?

posted on 12 Apr 2011, 13:00 3

31. protozeloz (Posts: 5369; Member since: 16 Sep 2010)


you cant see sarcasm can you?

posted on 12 Apr 2011, 10:51 3

3. skymitch89 (Posts: 1021; Member since: 05 Nov 2010)


So, as long as we don't open the word file and select the link we're fine? Thought the security “hole” is bad, this sounds fairly good to me.

posted on 12 Apr 2011, 11:56 6

10. jogutier (Posts: 324; Member since: 12 Feb 2010)


I have the fix....... just don't open word attachments that you don't recognize. NEXT! :)

posted on 12 Apr 2011, 11:09 4

4. celljrod (Posts: 82; Member since: 07 Apr 2011)


There are always going to be security issues like this. Everyone should be smart enough by now not to open any attachments from unknown senders.

posted on 12 Apr 2011, 12:10 4

15. Fanboys Suck (Posts: 609; Member since: 12 Dec 2008)


The day they remove "contents may be hot" from the Cup-O-Noodles packaging after you remove it from your microwave, then I will believe "...Everyone should be smart enough by now..."

posted on 12 Apr 2011, 12:14 3

18. celljrod (Posts: 82; Member since: 07 Apr 2011)


I'll buy that, however, anyone that IS still dumb enough to do something like download an attachment from an unknown sender was just warned by Adobe that there is an issue, so if they get hacked, it's all on them

posted on 12 Apr 2011, 12:16 3

19. Fanboys Suck (Posts: 609; Member since: 12 Dec 2008)


I agree... But some people out there... sheesh! LOL

posted on 12 Apr 2011, 12:26 1

21. protozeloz (Posts: 5369; Member since: 16 Sep 2010)


LOL so true

posted on 12 Apr 2011, 11:10 5

5. davecann2 (Posts: 460; Member since: 15 Mar 2011)


Apple IOS - 1
Andriod - 0

posted on 12 Apr 2011, 11:23 8

6. Me (unregistered)


Android is open source compared to iOS which is not.

Android- 1
iOS-0

posted on 12 Apr 2011, 11:58 3

13. Beaker (unregistered)


Please...WebOS is far more open source AND supported with a fraction of the security risks.

iOS - 1
WebOS - 1
Android - 0

posted on 12 Apr 2011, 12:08 8

14. JeffdaBeat (unregistered)


What's the point of exploiting software that few people actually own and use? That's the biggest reason why there aren't many bugs for Macs...not because it's more secure than windows, but because it's more beneficial to exploit Windows...the majority.

posted on 12 Apr 2011, 12:31 2

24. protozeloz (Posts: 5369; Member since: 16 Sep 2010)


LOL you don't read phonearena often do you?

http://www.phonearena.com/news/webOS-prone-to-security-attacks_id14914

posted on 12 Apr 2011, 12:43 1

27. derp (unregistered)


compared to the multiple posts weekly on Android vulnurabilities, you bring up 1 post from 6 months ago. yea android is about as secure as a glass safe.

posted on 12 Apr 2011, 12:45 1

28. celljrod (Posts: 82; Member since: 07 Apr 2011)


Refer to post #14

posted on 12 Apr 2011, 12:58 4

29. protozeloz (Posts: 5369; Member since: 16 Sep 2010)


information taken from source
''A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.''

this is not a android OS vulnerability issue you know, its a flash issue that affects any device with the Flash player installed and that also includes your PC

most vulnerability big android issues are related with either non market apps, or flash witch in general is not androids fault

posted on 12 Apr 2011, 12:30 4

23. mambo (unregistered)


another ignorant person showing his scoreboard...
Have you ever found out how a lot of celebreties got into deep kimchee because of how insecure iOS really is?

Your scoreboard should be reading more like

iOS: -10 (yeah that's a negative before the 10)
Android: 0

posted on 12 Apr 2011, 11:31 5

7. TheFunnyMan (Posts: 77; Member since: 26 Jan 2011)


Adobe, well done. If nothing else, you are coming out and letting us know "Hey, there might be a way people can get in here and steal your stuff. Watch yourself." Most companies would rather just sweep that under the rug and ignore it, and just launch an update.

posted on 12 Apr 2011, 11:57 5

11. celljrod (Posts: 82; Member since: 07 Apr 2011)


Agreed. At least they had the nuts to admit there's a problem and warn people to be more careful

posted on 12 Apr 2011, 12:33 6

25. mambo (unregistered)


Agree! Unlike another company who can't even admit they made a major hardware design mistake.

posted on 12 Apr 2011, 12:36 1

26. tedkord (Posts: 4286; Member since: 17 Jun 2009)


You're obviously one of those people who don['t know how to hold a godphone right.

posted on 12 Apr 2011, 12:59 4

30. mambo (unregistered)


I hold `em as I want `em. No need for a "god" to tell me how to hold it right...and I can touch it anywhere I want...yeah, even there! LOL!

posted on 12 Apr 2011, 11:53 4

8. 530gemini (Posts: 2198; Member since: 09 Sep 2010)


That's alright. To android users, vulnerability is worth the risk. Gotta be able to view those ads :)

posted on 12 Apr 2011, 11:54 9

9. celljrod (Posts: 82; Member since: 07 Apr 2011)


Do you ever make a comment about Android that is not negative?

posted on 12 Apr 2011, 12:13 8

16. Fanboys Suck (Posts: 609; Member since: 12 Dec 2008)


No... and he also does not make a comment that is beneficial to the conversation or article... ever.

posted on 12 Apr 2011, 12:25 5

20. protozeloz (Posts: 5369; Member since: 16 Sep 2010)


then claims it never talks on android related post because they don't matter to him/her, and the others are hating when they talk on apples ralated post

posted on 13 Apr 2011, 01:45

34. Humble (unregistered)


Just a curious thought. Is it possible to disable the flash on Android phones because I really don't want to see those ads and only activate flash when I am surfing flash content website or youtube? Sorry if I sound awkward but I have yet to migrate to any smartphones yet so basically I am still ignorant when it comes to smartphone.

I am planning to get the HTC Sensation when it arrives and I really don't want flash to slow down the web loading time and drain the phone battery unnecessarily.

posted on 13 Apr 2011, 07:37 1

35. protozeloz (Posts: 5369; Member since: 16 Sep 2010)


yes its possible so enable flash on request if you have dolphin browser installed
here is the app
https://market.android.com/details?id=mobi.mgeek.TunnyBrowser&feature=search_result
when installed press menu button, then choose more then settings under there you will see flash settings and you can enable flash on request ( I would give you more info if my phone was not dead :( )

Want to comment? Please login or register.

Latest stories