Adobe confirmed that its latest Adobe Flash zero day exploit extends to Android handsets in addition to Windows, Macintosh, Linux, and Solaris machines. This exploit opens a hole for remote hackers to crash an affected system or execute code remotely. Before you panic and shut down your handset, this vulnerability is circulating in the wild for the Windows-based Flash Player only, not Android handsets. For Android owners, this is still a theoretical vulnerability and not one to cause mass panic. Concern maybe, but not panic.
While Adobe cautions owners to “follow security best practices by keeping their anti-malware software and definitions up to date”, this advice leaves Android owners in the lurch as there are no best practices or virus definition updates for this mobile OS. There are several security apps available for Android including Norton Mobile Security, droidSecurity, and Lookout, but Google’s mobile OS is a relatively young and untested platform for security applications. We really have no idea how quickly and effectively these applications will respond to a circulating threat.
This whole situation serves to remind us that even a mobile OS is not free from attack and re-enforces the security aspect that Steve Jobs points out in his treatise on why iOS will not support Flash. While Apple is not free from security vulnerabilities, it is a shame that Android owners have to deal with an Adobe Flash exploit so soon after Flash finally hit the mobile platform. Thankfully, Adobe is on top of things and is expected to roll out a fix the week of September 27th.
[Via PC World]