Adobe has disclosed a newly-discovered vulnerability in current versions of the Flash Player and says there are reports that it is being exploited in the wild.
According to Adobe, a critical vulnerability exists in Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.
Adobe is in the process of finalizing a fix for the issue and expects to provide an update for Adobe Flash Player on Android operating systems during the week of September 27, 2010.
While Adobe cautions owners to “follow security best practices by keeping their anti-malware software and definitions up to date”, this advice leaves Android owners in the lurch as there are no best practices or virus definition updates for this mobile OS. There are several security apps available for Android including Norton Mobile Security, droidSecurity, and Lookout, but Google’s mobile OS is a relatively young and untested platform for security applications. We really have no idea how quickly and effectively these applications will respond to a circulating threat.