September 24, 2016

Adobe Fixes Critical Vulnerabilities in Flash Across the Desktop and on Android

Last week Google released a new version of Chrome with an updated version of Flash to address new zero-day vulnerabilities. Now, as anticipated, Adobe has released the official Flash Player update for Windows, OS X and Linux. Simultaneously it has also released Flash Player 10.2 for Android which also addresses the same vulnerabilities as well as adding new features to the mobile version of the player.

According to the Adobe security bulletins (APSB11-02 and APSA11-01) there are critical vulnerabilities in Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Affected versions are: Adobe Flash Player 10.1.102.64 and earlier versions for Windows, Macintosh, Linux, and Solaris. Also affected is Adobe Flash Player 10.1.106.16 and earlier versions for Android.

On the Android mobile platform, Flash Player 10.2 is now available for download for Android 2.2 (Froyo) and 2.3 (Gingerbread) devices and an initial beta release for Android 3.x (Honeycomb) tablets.

Flash support for Android 3.x devices has been keenly awaited and “brings a full web browsing experience, including video, games and other interactive content.”

Improvements included in Flash Player 10.2 for Android are:

  • Performance enhancements to take advantage of new hardware in both Android 3.x tablets, as well as existing hardware in many Android 2.2 and 2.3 devices
  • Tight integration with the new Android 3.x browser to treat Flash content as part of the web page instead of as a separate “overlay.” This results in improved scrolling of web pages and the ability to display pages in the way intended by the page designer, including new support for compositing HTML and other web content over Flash Player rendered content.
  • Automatic soft keyboard support to simplify text entry for rich mobile and multi-screen experiences

As mentioned above, this new version of Flash for Android also incorporates the security fixes as described in Security Bulletins APSB11-02 and APSA11-01.