So I was perusing the web, doing my regular year-end survey of the busiest, biggest/slowest/most watched and came across the buggiest software of the year list and it turns out Firefox and Adobe found their way to the top of this dubious list.
Seeing Firefox on top of the list made sense – it is open source, so all bugs are publicly documented; but seeing Adobe up there is not a good thing. Hackers are moving away from attacking the relatively more stable OS to exploiting holes in applications. Application providers unlike OS manufacturers are not used to this kind of security scrutiny… and Adobe finds itself under heavy attack from exploiters:
“During the first three months of 2009, F-Secure discovered 663 targeted attack files, the most popular type being PDFs at nearly 50 percent, followed by Microsoft Word at nearly 40 percent, Excel at 7 percent, and PowerPoint at 4.5 percent.”
Adobe has responded by saying that it will be patching its releases on a regular schedule even though we still wait for Adobe to patch up its latest zero-day hole in Reader and Acrobat.
But in the meantime, please do update your Flash player – it is not only the cool features that you are missing out on – apparently, this is now a critical security requirement.