Quote:
Originally Posted by Mike F
I had no idea Adobe products were so vulnerable
|
#1 risk vector today, especially in business. Flash in the browser and Reader handling PDF's is a security minefield.
Now Adobe has tried to fix some of this by introducing an auto-update mechanism to their products (Flash in particular), not unlike Windows Update - however, I am deeply concerned it will get compromised and allow a mass deployment of a trojan'ed version of Flash. They have already had one security breach along these lines allowing Flash applications to be signed with their private key - the only thing that didn't happen was it getting published to their auto-update server.
The same concern exists for other update mechanisms (Microsoft Update and Apple's App Store update process are the big ones of course), but Adobe is especially "special" when it comes to security in my opinion.