- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
Yes, this Adobe Flash update IS important
I try to avoid FUD whenever possible, especially over vulnerabilities. But I feel the need to say something after hearing several friends and relatives complain and ask, "Do I have to have this update?"
If you look at what my Computerworld colleague Gregg Keizer writes, the answer is clearly yes:
Adobe on Wednesday patched six vulnerabilities in Flash Player, including one it admitted is already being exploited by attackers.
That vulnerability, identified as CVE-2011-2444, shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.
Adobe labeled CVE-2011-2444 as a cross-site scripting (XSS) vulnerability, a class of bugs often used by identity thieves to steal usernames and passwords from vulnerable browsers. In this case, browsers were not directly targeted; rather, attackers exploited the ubiquitous Flash Player browser plug-in.
Adobe is one of the most popular targets of scorn in the security community today, and this kind of flaw just adds fuel to the fire.
The way IT security pros see it, Adobe is the monster they can't live with anymore. But they really can't live without it, either.
Users rely on Adobe software to create, edit and view a variety of rich media content. But for many security practitioners, frequent attacks against a range of security holes has become too much to take.
Last week, Adobe haters got all excited over word that Microsoft appears to be taking a page out of Apple's play book, saying it'll dump plug-ins such as Adobe Flash from Internet Explorer 10 in Windows 8.
Similar hopes have been built upon Apple's practice of shutting out Flash in its products.
But we're going to have to deal with Adobe Flash in its current form for quite a while yet.
Someday, maybe it will go away as some hope, though I tend to doubt it.
Or, even better in my opinion, it will survive because Adobe will make it better and more secure.
For now, it is what it is, so install this security update as soon as you can.
Get your morning news fix with the daily Salted Hash e-newsletter! Sign up today.
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.
- Redefine Business Portability
- Prevent Mobile Devices from Loading Dangerous Code
- Expanding Your Security Perimeter: Common Sense for Navigating Today's Threat Landscape
- Fighting Fraud Videos: IBM Intelligent Investigation Manager
- IBM Intelligent Investigation Manager: Online Product Demo
- Webinar: IBM IIM for Fraud, Abuse and Waste in Government