Adobe Gets the Message

[Corrine]

In a recent article on Trustworthy Computing, MSFT Jeff Jones provided interesting information about vulnerabilities by vendor. Included in the report was Adobe, with Shockwave, Acrobat and Flash listed as top vulnerability contributors for Adobe in 2011.

From An Update for the Flash Player Updater « Adobe Secure Software Engineering Team (ASSET) Blog (links to CSIS report & Microsoft SIR at source):

If you read this September 2011 CSIS report, then you saw that 99.8 percent of malware installs through exploit kits are targeting out-of-date software installations. This point was reiterated recently in volume 11 of the Microsoft Security Intelligent Report. Also, attackers have been taking advantage of users trying to manually search for Flash Player updates by buying ads on search engines pretending to be legitimate Flash Player download sites. Improving the update process is probably the single most important challenge we can tackle for our customers at this time. {Bold added}

After updating to Adobe Flash Player 11.2, the following update options will be available:

• Install updates automatically when available (recommended)
• Notify me when updates are available
• Never check for updates (not recommended)

I hope that those folks who ignore Flash Player updates select the option to install the updates automatically.

 

[AceInfinity]

Socially engineered malware is one of the biggest methods of infecting computer users with viruses today, even though there are others out there. Most like to target to less knowledgable computer users as far as I know. So in the end result I still think it's the user's fault as to downloading an infected file. Phishing sites are huge out there today.