Adobe's long battle with security flaws

Adobe has taken a few security hits lately, from the Flashback Mac Trojan and another zero-day exploit in Flash Player to malware-laden PDF files being the hacker's weapon of choice. So what gives?

The problem of malware being distributed in PDF files was actually fixed in Adobe Reader version 10, released almost a year ago. But most people are still using out-of-date versions.

And the problems with Flash Player? They're real, but Flash Player 11 is being released this month, and they'll be fixed. Supposedly.

My guest on the Patch Monday podcast this week — on a Tuesday, thanks to the public holiday yesterday — is Brad Arkin, Adobe's head of product security and privacy.

In our first conversation since mid 2010 — when Adobe had revamped how it integrates security into the software development process — we discuss how things have changed since then, what's new for security in Flash Player 11, why Adobe is doing more new work in the Chrome web browser and the wonderful world of fuzzing.

Arkin also highlights the changing threat landscape that Adobe faces. As in our recent episodes on Operation Shady RAT and cyberwar, espionage is now part of the game.

Patch Monday also includes a look at some of last week's news headlines.

To leave an audio comment on the program, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 27 minutes, 45 seconds

Topics: Security, Software Development

About

Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust.

He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit trap, clear a jam in an IBM model 026 card punch and mix a mean whiskey sour.


Talkback

1 comment
  • Compared to some of the other "big" companies out there, I actually have some respect for Adobe, although I would dearly love to hit someone over the back of the head with a piece of medical grade 4 * 2 for ever conceiving the idea of Flash Video--having to restream something because you're not allowed to buffer it is just wasting bandwidth.

    These "exploits" are all as a result of allowing commands within any given "platform" to step outside. MS Office lets Word tell Access what to do and vice-versa. As soon as a program/macro/sequence/whatever is allowed to step outside its native platform, one has created a world of exploits--particularly if those routines are self-initializing.

    It would distress me greatly if PDF Reader could suddenly access other parts of my OS without my previous consent.

    Adobe, please keep working on improvements to PDF but, honestly from a user's perspective, drop Flash.
    Treknology