Risk
6/22/2010
02:15 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Adobe Flash Player 10.1 For Mobile Debuts

Long delayed and much disparaged, Flash Player 10.1 for mobile devices will finally be tested in the market place.

Adobe on Tuesday said that it has released Flash 10.1 to its mobile platform partners, a move that means users of Android, BlackBerry, webOS, Windows Phone, LiMo, MeeGo and Symbian OS mobile devices will someday be able to run Flash content.

Just not today. With the exception of Nexus One users who have upgraded to Android 2.2, Flash on mobile phones remains scarce. It's not quite vaporware on the level of Duke Nukem Forever, undelivered after more than a decade. But it's late enough to prompt ridicule from Apple CEO Steve Jobs.

"We have routinely asked Adobe to show us Flash performing well on a mobile device, any mobile device, for a few years now," Jobs wrote in an open letter in April. "We have never seen it. Adobe publicly said that Flash would ship on a smartphone in early 2009, then the second half of 2009, then the first half of 2010, and now they say the second half of 2010. We think it will eventually ship, but we're glad we didn't hold our breath."

Adobe is now promising that "Flash Player 10.1 will be available as a final production release for smart phones and tablets once users are able to upgrade to Android 2.2 'Froyo.'"

That could happen as soon as next month for those buying Motorola's DROID X. For other devices, we may be talking about several months or even into 2011.

Nonetheless, the release of Flash Player 10.1 is better late than never and Adobe has assembled a formidable list of supporters to counter Apple's repeated eulogies for Flash.

There's Google engineering VP Andy Rubin expressing his excitement that "Android is the first mobile platform to support the full Flash Player."

There's Microsoft general manager Stephanie Ferguson declaring that Microsoft is "working closely with Adobe to bring the Flash Player 10.1 to a future version of Windows Phone."

And there's RIM BlackBerry platform SVP Alan Brenner asserting that "customers want a rich experience on mobile devices with access to the full Web featuring Adobe Flash content."

But never mind the posturing. Now that Flash Player 10.1 is real, the war of words between Apple and Adobe will finally be resolved by the market. We will see whether users really want Flash content on their mobile devices, whether Flash content performs well, without degrading battery life or introducing security problems as Jobs has claimed, and whether developers remain committed to the Flash platform a way to reach the widest possible audience.

Coincidentally, Apple on Tuesday said that it has shipped 3 million iPads in 80 days. Unfortunately for Adobe, none of those devices support Flash.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-3861
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

CVE-2014-3862
Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

CVE-2014-5076
Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

CVE-2014-5452
Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document containing a table that is improperly handled during unrestricted xsl:copy operations.

CVE-2014-6041
Published: 2014-09-02
The Android Browser application 4.2.1 on Android allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.