Adobe has released a new version of its Flash Player for Android that fixes some critical security bugs. The new version of Flash, which, incidentally, is also available for Windows, Linux and OS X, fixes security vulnerabilities in Flash Player 126.96.36.199 and earlier versions for Android 4.x, and Flash Player 188.8.131.52 and earlier versions for Android 3.x and 2.x. These vulnerabilities, if exploited, could cause a crash and potentially allow an attacker to take control of the affected phone or tablet.
The update fixes two problems – the first is a memory corruption vulnerability in Matrix3D, a part of Flash which is used to determine the position and orientation of a three-dimensional object, that could lead to unauthorized code execution. The second vulnerability patched is an integer error that can lead to information disclosure.
Although these vulnerabilities are seen as critical, Adobe has rated them as “priority 2″ which means that there are currently no known exploits, and, based on previous experience, Adobe does not anticipate that exploits are imminent. As a result, Adobe is recommending users to install the update within the next 30 days.
If you have Android 4.0, you should update to Adobe Flash Player 184.108.40.206 by browsing to the Android Marketplace (now called Google Play Store) from your device. For those with Android 3.x and Android 2.x, you need Flash Player 220.127.116.11, which can be downloaded from the same location on the Play Store.