G&E reader Todd wrote in to let us know that the latest version of Flash Player 10.1 for Android is now showing up in the Market for the HTC EVO 4G; however, my advice is to not install it. The higher version number (10.1.92.10) may be tempting—version 10.1.72.7 was included in the OTA Froyo update—but Adobe has issued a security advisory about a "critical vulnerability" that exists in this particular version of Flash Player for Android. This vulnerability "could cause a crash and potentially allow an attacker to take control of the affected system."
The issue can also be found in desktop versions of the plug-in as well as in other Adobe products. The company says Windows (as usual) is the main target, but the mere mention of Android in the advisory is enough reason for me to stick with the existing Flash Player. The chances of your EVO being targeted and/or affected by this vulnerability are probably very slim, but I'd rather err on the side of caution here, especially considering the accounts and information that can be found on an Android phone because of all the Google integration.
An update that fixes the problem is expected to be released during the last week of September.
[Adobe]
