Flash Exploit can nail early versions of Android

April 12, 2011
6

Adobe has announced a critical vulnerability in Flash Player 10.2.153.1 and earlier versions which may, and we do underscore MAY, affect early versions of the Android OS. The vulnerability causes a crash and could also allow a savvy attacker to take control of affected systems. It is usually triggered by an infect .swf file embedded into a Microsoft Word document delivered as an email attachment. Now, granted, this is going to be rare for the Android platform but Adobe felt it important enough to mention that early versions of the Bot OS may be affected.

So if you have an old G1 that you're hanging onto, you may want to steer clear of using Flash until adobe gets a fix out, which is currently scheduled for June 14, 2011 as part of their quarterly security update schedule. Yeah, June. You'd think if Adobe though this was important enough to mention, and exploits always are, that they'd have a regular update schedule like Microsoft does with Windows. I mean, QUARTERLY?

Then again, if you are still using an G1 or early model Android handset, you're probably WAY due to upgrade anyway. There's plenty of great handsets out there and many are free. I mean, we know the G1 was the first and all, but come on, get with the program! Seriously, this likely much ado about nothing for your average AC reader, but its always a good idea to keep up on what attackers are trying to do in case something pops up that nobody saw comin.

Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat

Release date: April 11, 2011

Vulnerability identifier:APSA11-02

CVE number: CVE-2011-0611

Platform: See "Affected software versions" section below for details
Summary

A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

We are in the process of finalizing a schedule for delivering updates for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.2) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh. Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.
Affected software versions

* Adobe Flash Player 10.2.153.1 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
* Adobe Flash Player 10.2.154.25 and earlier for Chrome users
* Adobe Flash Player 10.2.156.12 and earlier for Android
* The Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.
Severity rating

Adobe categorizes this as a critical issue.
Details

A critical vulnerability exists in Flash Player 10.2.153.1 and earlier versions (Adobe Flash Player 10.2.154.25 and earlier for Chrome users) for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 10.2.156.12 and earlier versions for Android, and the Authplay.dll component that ships with Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems.

This vulnerability (CVE-2011-0611) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Word (.doc) file delivered as an email attachment, targeting the Windows platform. At this time, Adobe is not aware of any attacks via PDF targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

We are in the process of finalizing a schedule for delivering updates for Flash Player 10.2.x and earlier versions for Windows, Macintosh, Linux, Solaris and Android, Adobe Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh, Adobe Reader X (10.0.2) for Macintosh, and Adobe Reader 9.4.3 and earlier 9.x versions for Windows and Macintosh. Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at http://blogs.adobe.com/psirt or by subscribing to the RSS feed at http://blogs.adobe.com/psirt/atom.xml.

Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.

Acknowledgments
Adobe would like to thank Mila Parkour (http://contagiodump.blogspot.com) for working with Adobe on this issue to help protect our customers.


Recent Stories

  • http://twitter.com/RDR0b11 David Ruddock

    You realize you completely misread the bulletin, right? It has nothing to do with earlier versions of Android. I’ll go ahead and let you figure that one out.

    • http://www.facebook.com/people/Dave-Freeman/546537884 Dave Freeman

      He didn’t misread the article, though, which specifically says “MAY, affect early versions of the Android OS.” Yes, James misread the bulletin, which specifically references “earlier versions” of Flash.

  • http://www.facebook.com/profile.php?id=1815694091 Robert Ray Dunn

    Early versions of Android didn’t have flash, so I don’t think anybody has cause for concern here. Unless you consider 2.2 to be early.

  • http://twitter.com/matthewfabb matthewfabb

    Just don’t open up Word documents from unknown locations. That said, Adobe can so far only reproduce this on a Windows machine, but are still making a blanket warning just in case.

  • http://twitter.com/matthewfabb matthewfabb

    Just don’t open up Word documents from unknown locations. That said, Adobe can so far only reproduce this on a Windows machine, but are still making a blanket warning just in case.

  • http://webhostingreview.info/ecommerce-hosting/ eCommerce Hosting Reviews

    Sounds quite interesting!!>.