An interesting security advisory appeared on Adobe’s support site this week:
The summary is as follows:
A critical vulnerability exists in Adobe Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2010-1297) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat. This advisory will be updated once a schedule has been determined for releasing a fix.
Now, the timing of this is mighty nice for Steve Jobs who’s under fire for not supporting Flash on the iPhone and iPad. But as someone who has to (try to) develop for Flash I can say I’m not surprised. Not by the security advisory nor by Jobs’ and Apple’s position. Flash player always crashes on me and it cranks up my CPU meters more than anything other than video conversion.
Should Jobs have allowed Flash onto Apple’s mobile devices? From a pure market-share perspective: yes. But I can see where he’s coming from and being able to see some Flash-based sites at the cost of having your mobile device crash or lock-up isn’t a trade-off I’d really want to make for people.