Security flaw in Flash 10.2 threatens Android devices

Security flaw in Flash 10.2 threatens Android devices
Adobe has once again posted information regarding a malicious exploit for its widespread Flash software. Unfortunately, among a number of other platforms, the “critical” vulnerability can affect Google's Android mobile OS as well. The threat comes hidden inside of a Microsoft Word file containing embedded Flash content. Adobe reports that hackers are already using the exploit in order to obtain personal data by sending contaminated Word files as email attachments.

According to Adobe's Product Security Incident Response Team (PSIRT), the security “hole” may be exploited by a hacker enabling them to take control over the targeted device and steal personal data. In order for that to happen, it is required that the victim opens the Word file and clicks on the harmful Flash file, embedded inside it. Luckily, a patch from Adobe is on the way, and the vulnerability only affects Android devices running Flash 10.2.154.25 or a version prior to it.

Of course, this isn't the first time Adobe Flash is in the scope of hackers targeting unsuspecting victims. After all, it was less than a month ago when we reported about a quite similar vulnerability. Our advice is to be careful when opening your email attachments, keep your software up to date, and always bear in mind that no mobile platform out there is a hundred percent secure.

source: PSIRT via Android Authority

FEATURED VIDEO

33 Comments

1. derp unregistered

"and always bear in mind that no mobile platform out there is a hundred percent secure" true, but android is alot closer to 0% secure.

22. mambo unregistered

Do you want a list of iOS security weaknesses? Do your research to find out which is closer to 0% secure. Never heard of how celebrity iPhones got hacked with gusto?

2. Whateverman

Posts: 3295; Member since: May 17, 2009

Seems to me that Adobe is trying really hard to prove Steve Jobs right.

12. jogutier

Posts: 324; Member since: Feb 12, 2010

No Crapple fan, because there are viruses for your icrap out there too.

17. JeffdaBeat unregistered

What's with the anger?

31. protozeloz

Posts: 5396; Member since: Sep 16, 2010

you cant see sarcasm can you?

3. skymitch89

Posts: 1452; Member since: Nov 05, 2010

So, as long as we don't open the word file and select the link we're fine? Thought the security “hole” is bad, this sounds fairly good to me.

10. jogutier

Posts: 324; Member since: Feb 12, 2010

I have the fix....... just don't open word attachments that you don't recognize. NEXT! :)

4. celljrod

Posts: 82; Member since: Apr 07, 2011

There are always going to be security issues like this. Everyone should be smart enough by now not to open any attachments from unknown senders.

15. Fanboys Suck

Posts: 609; Member since: Dec 12, 2008

The day they remove "contents may be hot" from the Cup-O-Noodles packaging after you remove it from your microwave, then I will believe "...Everyone should be smart enough by now..."

18. celljrod

Posts: 82; Member since: Apr 07, 2011

I'll buy that, however, anyone that IS still dumb enough to do something like download an attachment from an unknown sender was just warned by Adobe that there is an issue, so if they get hacked, it's all on them

19. Fanboys Suck

Posts: 609; Member since: Dec 12, 2008

I agree... But some people out there... sheesh! LOL

21. protozeloz

Posts: 5396; Member since: Sep 16, 2010

LOL so true

5. davecann2

Posts: 460; Member since: Mar 15, 2011

Apple IOS - 1 Andriod - 0

6. Me unregistered

Android is open source compared to iOS which is not. Android- 1 iOS-0

13. Beaker unregistered

Please...WebOS is far more open source AND supported with a fraction of the security risks. iOS - 1 WebOS - 1 Android - 0

14. JeffdaBeat unregistered

What's the point of exploiting software that few people actually own and use? That's the biggest reason why there aren't many bugs for Macs...not because it's more secure than windows, but because it's more beneficial to exploit Windows...the majority.

24. protozeloz

Posts: 5396; Member since: Sep 16, 2010

27. derp unregistered

compared to the multiple posts weekly on Android vulnurabilities, you bring up 1 post from 6 months ago. yea android is about as secure as a glass safe.

28. celljrod

Posts: 82; Member since: Apr 07, 2011

Refer to post #14

29. protozeloz

Posts: 5396; Member since: Sep 16, 2010

information taken from source ''A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.'' this is not a android OS vulnerability issue you know, its a flash issue that affects any device with the Flash player installed and that also includes your PC most vulnerability big android issues are related with either non market apps, or flash witch in general is not androids fault

23. mambo unregistered

another ignorant person showing his scoreboard... Have you ever found out how a lot of celebreties got into deep kimchee because of how insecure iOS really is? Your scoreboard should be reading more like iOS: -10 (yeah that's a negative before the 10) Android: 0

7. TheFunnyMan

Posts: 77; Member since: Jan 26, 2011

Adobe, well done. If nothing else, you are coming out and letting us know "Hey, there might be a way people can get in here and steal your stuff. Watch yourself." Most companies would rather just sweep that under the rug and ignore it, and just launch an update.

11. celljrod

Posts: 82; Member since: Apr 07, 2011

Agreed. At least they had the nuts to admit there's a problem and warn people to be more careful

25. mambo unregistered

Agree! Unlike another company who can't even admit they made a major hardware design mistake.

26. tedkord

Posts: 17357; Member since: Jun 17, 2009

You're obviously one of those people who don['t know how to hold a godphone right.

30. mambo unregistered

I hold `em as I want `em. No need for a "god" to tell me how to hold it right...and I can touch it anywhere I want...yeah, even there! LOL!

8. 530gemini

Posts: 2198; Member since: Sep 09, 2010

That's alright. To android users, vulnerability is worth the risk. Gotta be able to view those ads :)

9. celljrod

Posts: 82; Member since: Apr 07, 2011

Do you ever make a comment about Android that is not negative?

16. Fanboys Suck

Posts: 609; Member since: Dec 12, 2008

No... and he also does not make a comment that is beneficial to the conversation or article... ever.

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.