[Infowarrior] - Is Adobe the next (pre-2002) Microsoft?

[Richard Forno]

Is Adobe the next (pre-2002) Microsoft?
by Elinor Mills

If you are a criminal and you want to break into a network a common  
attack method is to exploit a hole in software that exists on most  
computers, has its fair share of holes and isn't automatically updated.
In 2002, that would have been Windows. Today, it's likely to be Adobe  
Reader or Flash Player, whose shares of vulnerabilities and exploits  
are on the rise while Microsoft's is falling.

Nearly half of targeted attacks exploit holes in Acrobat Reader, which  
is used to read PDF (portable document format) files, according to F- 
Secure. Meanwhile, the number of PDF files used in dangerous Web drive- 
by attacks jumped from 128 during the first three and a half months of  
last year to more than 2,300 during that time this year, the company  
said.

In addition, there are more and more Zero-Day holes, vulnerabilities  
that are public before a patch is available. Like sitting ducks, users  
of affected software are left wide open to attack until a fix is  
available.

There have been Zero-Day exploits for the Flash Player plug-in, used  
for viewing rich media like videos and interactive charts on Web  
sites. And in one case this spring, a Zero-Day hole in Adobe Reader  
spurred security experts to recommend that users disable JavaScript.

One security researcher at Black Hat last week, who asked to remain  
anonymous, said: "As a result of the number of Zero-Day attacks on  
PDFs this year, large banks hate Adobe."

< - >

http://news.cnet.com/8301-27080_3-10304455-245.html?part=rss&subj=news&tag=2547-1_3-0-20