Adobe's long battle with security flaws

Summary:Adobe has taken a few security hits lately, from the Flashback Mac Trojan and another zero-day exploit in Flash Player to malware-laden PDF files being the hacker's weapon of choice. So what gives?

Adobe has taken a few security hits lately, from the Flashback Mac Trojan and another zero-day exploit in Flash Player to malware-laden PDF files being the hacker's weapon of choice. So what gives?

The problem of malware being distributed in PDF files was actually fixed in Adobe Reader version 10, released almost a year ago. But most people are still using out-of-date versions.

And the problems with Flash Player? They're real, but Flash Player 11 is being released this month, and they'll be fixed. Supposedly.

My guest on the Patch Monday podcast this week — on a Tuesday, thanks to the public holiday yesterday — is Brad Arkin, Adobe's head of product security and privacy.

In our first conversation since mid 2010 — when Adobe had revamped how it integrates security into the software development process — we discuss how things have changed since then, what's new for security in Flash Player 11, why Adobe is doing more new work in the Chrome web browser and the wonderful world of fuzzing.

Arkin also highlights the changing threat landscape that Adobe faces. As in our recent episodes on Operation Shady RAT and cyberwar, espionage is now part of the game.

Patch Monday also includes a look at some of last week's news headlines.

To leave an audio comment on the program, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 27 minutes, 45 seconds

Topics: Security, Software Development

About

Stilgherrian is a freelance journalist, commentator and podcaster interested in big-picture internet issues, especially security, cybercrime and hoovering up bulldust. He studied computing science and linguistics before a wide-ranging media career and a stint at running an IT business. He can write iptables firewall rules, set a rabbit tr... Full Bio

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.