It is likely that you have some Adobe software installed on your PC or Mac. It could be Adobe Acrobat Reader, it could be Adobe Air, or it could be Adobe Flash Player.
Flash is so popular that Google ships it as a built-in plugin for its Chrome web browser. It is also likely that you have some Adobe software on your Android device, and it would be one (or all) of the same three listed above. All very nice – you can view PDF files on your PC and on your mobile device, you can use Flash on your PC and on your Android phone. But there is a price to pay for all this lovely integration – security. Adobe software is one of the hottest targets for hackers and malware writers. In 2011, Adobe had the dubious honor of being responsible for the top three most critical security vulnerabilities and had five vulnerabilities in the top ten.
Adobe issues frequent updates for all its products however it is often an uphill struggle against hackers and cyber criminals. Recently, Adobe was caught off guard when hackers started using an unknown flaw in Adobe Flash Player to infect PCs with a Trojan that opened a back door on the compromised computer. These previously unknown flaws are known as zero-day vulnerabilities, as zero is the number of days the software company knew about the issue before it was exploited.
This particular flaw targeted Flash Player on Windows and was exploited via an email which contained a Microsoft Word document with some embedded Flash in it. Once the document was opened, the Flash was run and the PC was compromised. When Adobe started looking into the problem they discovered that the security hole not only existed on Flash for Windows but also Flash for Mac, Linux and yes, you guessed it, Android.
According to the security advisory released by Adobe: “Users of Adobe Flash Player 188.8.131.52 and earlier versions on Android 4.x devices should update to Adobe Flash Player 184.108.40.206. Users of Adobe Flash Player 220.127.116.11 and earlier versions for Android 3.x and earlier versions should update to Flash Player 18.104.22.168.” The easiest way to do this is via Google Play.
Although there are no known attacks that target this weakness in Flash for Android, it really is only a matter of time before these PC-centric attacks (via Flash and PDF files) start to appear on mobile devices as well.
Stay vigilant, don’t download attachments from dubious emails and always check Google Play to see what apps need updating on your device.