More Warnings about Flash/Acrobat Reader Vulnerabilities

Ever read .PDFs or watch something in Flash?

Most people do. In fact, something like 99% of all computers have Flash installed likewise a huge portion of computers have Acrobat Reader, too.

As such, if you're in that 99% pool, you're probably vulnerable, as roughly 80% of all computers still are according to internet security firm Trusteer.

A couple of weeks ago, we covered the Flash / Acrobat Reader Security Advisory, and now there's more warning on WebProNews about the same Flash / Acrobat vulnerabilities.

In the posting there by Chris Crum he quotes Trusteer's CEO, Mickey Boodaei, as saying,

"Adobe is facing some major security challenges and one of its biggest hurdles is its software update mechanism.

"For some reason, it is not effective enough in distributing security patches to the field.

"Given the lack of attention this situation has received to date, it appears that few people understand the magnitude of the problem. We recommend that all enterprises and individuals install the latest Flash and Acrobat updates immediately.

[Editor's note: emphasis is mine.]

We originally covered this vulnerability two weeks ago saying,

"...there's an urgent update that Adobe has just made to Acrobat, Flash Player, and Adobe Reader."

So, now that there are others adding their voices to the chorus, and we're all saying this is a big deal, please visit this page on Adobe's site which covers the Acrobat/Flash security update.

If you're reading this article, please, stop what you're doing, go to that URL, *read* it, and follow Adobe's instructions.

Regardless of if the rest of your Windows OS is patched, regardless of whether or not you have a software firewall running, and regardless of whether or not you've installed the best antivirus software or an Internet security suite, you still need to do this. 

Acrobat and Flash live outside of the normal Windows Update mechanism, and thus, they can not be upgraded via Windows Update and are best upgraded manually, (i.e. don't rely on the Adobe autoupdater.)

In our humble opinion, this vulnerability has every bit the potential to be even bigger than the Conficker worm from early April this year because of the enormous install base Acrobat and Flash have.