Adobe to address vulnerability in Flash Player for Android

Adobe has announced that it is planning to address a security vulnerability in Flash Player for Android, as well as the versions for Mac, Windows, and Unix, and in Acrobat Reader for Mac, Windows, and Unix.  They've marked this vulnerability as critical, which means it has the potential to cause a crash and allow code to run on the user's machine.  There are reports of attacks against Windows machines in the wild, but no reports of any other operating systems being affected as of yet.  Expect the fix the week of Sept. 27, according to Adobe.

Do note that Adobe isn't saying that there are existing attacks against Android, only that the potential is there and they will be releasing a fix.  Also, while nobody has come forward and explicitly said so, this likely has the potential to be used to exploit and root an Android phone, much like what was used on the Evo 4G a while back.  Be on the lookout for an update to your Flash Player, and we'll be sure to remind you when we see it rolling out. [Adobe]

Jerry Hildenbrand
Senior Editor — Google Ecosystem


  • I got an auto-update on my Flash on my Nexus the other day. Not sure if this is the same. I'm running Flash Player version
  • Steve Jobs said the iPhone will never run Adobe Flash because Flash is piggy and buggy. Now Adobe admits that only high-end Android phones can run Flash and Flash has critical bugs. Just saying.
  • You're right. They should have just said to hold it different instead.
  • You have a point, but the good thing about Android is that it is all about choices. Adobe Flash is not installed on every device by default. Instead each user has the choice to use the program knowing full well that it might be somewhat resource intensive and potentially buggy.
  • Everything is buggy. There is no such thing as bug free code.
    Critical bugs in third party apps, bad. Critical bugs in iPhone's own render engine for PDFs far worse. As for piggy, it depends. I have it set to On Demand in the browser, so I only see the Monkeys I actually want to Whack. It sure is convenient on those occasions where there is not yet any YouTube version to be able to see it right there in the web page. Yeah, it takes some room. I bet if Adobe offered its programming team $5000 bucks for every K chopped out of it without loss of functionality it would shrink in a hurry. Jobs is wrong. iPhone will run Flash one day.
  • Well I put the update on my Evo and everything has been running even better, and the quality of videos has gotten way better. And guys please remember Steve Jobs is a tool and iPhone owners are tool bits. The day that any iPhone can outperform my Evo is the day I buy one of Apple's iPads, which my Evo also outperforms and gives me everything the iPad can't. Lol
  • This link ( shows the iPad kicking the Evo's ass convincingly. The guy in the video is clearly making excuses for the Evo. Fact is the iPad beat it and the interface on the iPad is a lot more responsive and fluid. To be fair, you can find videos showing either one the victor. The true measure is balance. All of these phones now have similar hardware, features, functionality. The iPhone thankfully lacks Flash in the browser, but it makes up for it through games and apps for sites such as Hulu, ABC and Netflix. I don't think you can play the content from these sites on your Evo. The iPhone wins on balance. The Evo's battery sucks and the interface is jerky, among other things. On the iPhone, you have one master, Apple/Steve Jobs. On Android there are many masters, Google, Motorola, LG, Samsung, HTC, Verizon, Sprint, T-Mobile, AT&T and others. Now Verizon has created its own curated VCast app store for some Android devices that may block access to the Marketplace. Wow!
  • I still don't get it, rather than argue that HTML5 will be a standard, why not just support Flash to give users the capabilities of full internet, I am not arguing that HTML5 is a bad platform, I am just saying that just completely putting off Flash will make iPhone users just come to Android. That alone could make people come to Android. Now as for this issue, it's Flash, deal with it.
  • I already addressed it in mine.
  • I was one of the first to address it, by not installing in the first place, though I'll admit that my decision had nothing to do with security or lack thereof.
  • I don't get how you can have a definite problem, a definite solution, and a definite release date that is two weeks out. If you know what the solution is, RELEASE IT ALREADY! If you know what the solution is, but need to complete the coding or testing, or whatever else, HIRE MORE PEOPLE, AND RELEASE IT ALREADY!
    When you put Exchange ActiveSync on a device, you are expressing your interest in the corporate market. If you have an interest in the corporate market, when you have a security vulnerability like this you are effectively requiring that the corporate user remove the impacted application. Not good. Step up and fix it ASAP Adobe. Man. Talk about an unfortunate event. Apple complains and denies you and you let this happen. On top of that, you make everyone wait for two weeks to get the patch. PR 101: Take the vulnerability off the table. Fix the problem yesterday so it's out of the news and a non-issue.
  • I don't understand why it's so hard for others to resolve the security issues with Adobe products. I did it several years ago, and escaped from the seemingly endless update notifications, worry about my security and work interruptions. It's actually quite simple, UNINSTALL THOSE POORLY CODED COBBLED TOGETHER PATHETIC EXCUSES OF APPLICATIONS. In particular, don't use sites that require Flash, and let the owners of those sites know why you won't use them. Adobe's security issues make Microsoft Windows look like a paragon of proper software design. Supporting the Adobe sausage factory makes no sense, given that alternatives for every one of its products are not only available, many are better.