Security flaw in Flash 10.2 threatens Android devices

Security flaw in Flash 10.2 threatens Android devices
Adobe has once again posted information regarding a malicious exploit for its widespread Flash software. Unfortunately, among a number of other platforms, the “critical” vulnerability can affect Google's Android mobile OS as well. The threat comes hidden inside of a Microsoft Word file containing embedded Flash content. Adobe reports that hackers are already using the exploit in order to obtain personal data by sending contaminated Word files as email attachments.

According to Adobe's Product Security Incident Response Team (PSIRT), the security “hole” may be exploited by a hacker enabling them to take control over the targeted device and steal personal data. In order for that to happen, it is required that the victim opens the Word file and clicks on the harmful Flash file, embedded inside it. Luckily, a patch from Adobe is on the way, and the vulnerability only affects Android devices running Flash or a version prior to it.

Of course, this isn't the first time Adobe Flash is in the scope of hackers targeting unsuspecting victims. After all, it was less than a month ago when we reported about a quite similar vulnerability. Our advice is to be careful when opening your email attachments, keep your software up to date, and always bear in mind that no mobile platform out there is a hundred percent secure.

source: PSIRT via Android Authority



34. Humble unregistered

Just a curious thought. Is it possible to disable the flash on Android phones because I really don't want to see those ads and only activate flash when I am surfing flash content website or youtube? Sorry if I sound awkward but I have yet to migrate to any smartphones yet so basically I am still ignorant when it comes to smartphone. I am planning to get the HTC Sensation when it arrives and I really don't want flash to slow down the web loading time and drain the phone battery unnecessarily.

35. protozeloz

Posts: 5396; Member since: Sep 16, 2010

yes its possible so enable flash on request if you have dolphin browser installed here is the app when installed press menu button, then choose more then settings under there you will see flash settings and you can enable flash on request ( I would give you more info if my phone was not dead :( )

8. 530gemini

Posts: 2198; Member since: Sep 09, 2010

That's alright. To android users, vulnerability is worth the risk. Gotta be able to view those ads :)

9. celljrod

Posts: 82; Member since: Apr 07, 2011

Do you ever make a comment about Android that is not negative?

16. Fanboys Suck

Posts: 609; Member since: Dec 12, 2008

No... and he also does not make a comment that is beneficial to the conversation or article... ever.

20. protozeloz

Posts: 5396; Member since: Sep 16, 2010

then claims it never talks on android related post because they don't matter to him/her, and the others are hating when they talk on apples ralated post

7. TheFunnyMan

Posts: 77; Member since: Jan 26, 2011

Adobe, well done. If nothing else, you are coming out and letting us know "Hey, there might be a way people can get in here and steal your stuff. Watch yourself." Most companies would rather just sweep that under the rug and ignore it, and just launch an update.

11. celljrod

Posts: 82; Member since: Apr 07, 2011

Agreed. At least they had the nuts to admit there's a problem and warn people to be more careful

25. mambo unregistered

Agree! Unlike another company who can't even admit they made a major hardware design mistake.

26. tedkord

Posts: 17532; Member since: Jun 17, 2009

You're obviously one of those people who don['t know how to hold a godphone right.

30. mambo unregistered

I hold `em as I want `em. No need for a "god" to tell me how to hold it right...and I can touch it anywhere I want...yeah, even there! LOL!

6. Me unregistered

Android is open source compared to iOS which is not. Android- 1 iOS-0

13. Beaker unregistered

Please...WebOS is far more open source AND supported with a fraction of the security risks. iOS - 1 WebOS - 1 Android - 0

14. JeffdaBeat unregistered

What's the point of exploiting software that few people actually own and use? That's the biggest reason why there aren't many bugs for Macs...not because it's more secure than windows, but because it's more beneficial to exploit Windows...the majority.

24. protozeloz

Posts: 5396; Member since: Sep 16, 2010

27. derp unregistered

compared to the multiple posts weekly on Android vulnurabilities, you bring up 1 post from 6 months ago. yea android is about as secure as a glass safe.

28. celljrod

Posts: 82; Member since: Apr 07, 2011

Refer to post #14

29. protozeloz

Posts: 5396; Member since: Sep 16, 2010

information taken from source ''A critical vulnerability exists in Flash Player and earlier versions (Adobe Flash Player and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.'' this is not a android OS vulnerability issue you know, its a flash issue that affects any device with the Flash player installed and that also includes your PC most vulnerability big android issues are related with either non market apps, or flash witch in general is not androids fault

23. mambo unregistered

another ignorant person showing his scoreboard... Have you ever found out how a lot of celebreties got into deep kimchee because of how insecure iOS really is? Your scoreboard should be reading more like iOS: -10 (yeah that's a negative before the 10) Android: 0

5. davecann2

Posts: 460; Member since: Mar 15, 2011

Apple IOS - 1 Andriod - 0

4. celljrod

Posts: 82; Member since: Apr 07, 2011

There are always going to be security issues like this. Everyone should be smart enough by now not to open any attachments from unknown senders.

15. Fanboys Suck

Posts: 609; Member since: Dec 12, 2008

The day they remove "contents may be hot" from the Cup-O-Noodles packaging after you remove it from your microwave, then I will believe "...Everyone should be smart enough by now..."

18. celljrod

Posts: 82; Member since: Apr 07, 2011

I'll buy that, however, anyone that IS still dumb enough to do something like download an attachment from an unknown sender was just warned by Adobe that there is an issue, so if they get hacked, it's all on them

19. Fanboys Suck

Posts: 609; Member since: Dec 12, 2008

I agree... But some people out there... sheesh! LOL

21. protozeloz

Posts: 5396; Member since: Sep 16, 2010

LOL so true

3. skymitch89

Posts: 1453; Member since: Nov 05, 2010

So, as long as we don't open the word file and select the link we're fine? Thought the security “hole” is bad, this sounds fairly good to me.

10. jogutier

Posts: 324; Member since: Feb 12, 2010

I have the fix....... just don't open word attachments that you don't recognize. NEXT! :)

2. Whateverman

Posts: 3295; Member since: May 17, 2009

Seems to me that Adobe is trying really hard to prove Steve Jobs right.

12. jogutier

Posts: 324; Member since: Feb 12, 2010

No Crapple fan, because there are viruses for your icrap out there too.

17. JeffdaBeat unregistered

What's with the anger?

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless