Updated Flash Player 10.1 (version 10.1.92.10) for HTC EVO has security vulnerability

Evo-flash-update-si

G&E reader Todd wrote in to let us know that the latest version of Flash Player 10.1 for Android is now showing up in the Market for the HTC EVO 4G; however, my advice is to not install it. The higher version number (10.1.92.10) may be tempting—version 10.1.72.7 was included in the OTA Froyo update—but Adobe has issued a security advisory about a "critical vulnerability" that exists in this particular version of Flash Player for Android. This vulnerability "could cause a crash and potentially allow an attacker to take control of the affected system."

The issue can also be found in desktop versions of the plug-in as well as in other Adobe products. The company says Windows (as usual) is the main target, but the mere mention of Android in the advisory is enough reason for me to stick with the existing Flash Player. The chances of your EVO being targeted and/or affected by this vulnerability are probably very slim, but I'd rather err on the side of caution here, especially considering the accounts and information that can be found on an Android phone because of all the Google integration.

An update that fixes the problem is expected to be released during the last week of September.

[Adobe]
Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!

Jenn K. Lee

Jenn K. Lee is the founder of Pocketables. She loves gadgets the way most women love shoes and purses. The pieces in her tech wardrobe that go with everything are currently the Samsung Galaxy Note II, Sony Tablet P, and Nexus 7, but there are still a couple of vintage UMPCs/MIDs in the back of her closet.

More posts by Jenn | Subscribe to Jenn's posts