Adobe, it seems, is a victim of its own huge success: it has issued two out-of-band updates (emergency fixes released outside the usual patch cycle) within 9 days of each other.
The single biggest problem with Flash is that it is ubiquitous on the web and installed on so many machines, not just Windows PCs, which makes it an important cross-platform infection vector.
While Adobe absolutely has to take a large part of the blame, and is addressing the issue by getting better and better at security fix responses, the sheer popularity of the technology has made it a core target of hackers and malware pedlars.
One of the core problems from a security perspective, however, is that, according to this Computerworld article, fixes can take time (from 72 hours and up). During that time users are not only vulnerable but have no real indicators that they are vulnerable. Depending on the exploit, hackers and malware authors have carte blanche on the user's machine until the problem is fixed, and the user probably has no idea of this.
So, what can you do?
The most drastic answer would be to decline to install Flash or Shockwave plug-ins on your system, and in some highly sensitive corporate or government / military settings, this might be the only way forward; but in taking such drastic action, normal users are shutting off functionality, user experience, or, at worst, access to the latest amusing animations and on-line content.
Another is to use a browser that can support running Flash in a sandbox, such as Google’s Chrome browser.
The single best solution, however, is an approach using both of the above, AND making sure your Adobe Flash software (and that of other manufacturers) is always up-to-date.
Up-to-date patches are not a panacea, but un-patched machines remain the biggest single way that malware authors can propagate their wares, so we strongly recommend that users keep their drivers, operating system, plug-ins and other software up-to-date; this should be a daily check where possible.