Entries in Adobe (2)

Saturday
Jun052010

Adobe Unsafe on Any System

Yet again Adobe's software has been exposed has unsafe. This latest exploit could allow an attacker to take control of a computer by way of a flaw found in Flash, Adobe Reader and Acrobat. This yet another reason why I'm in full support of open standards and not closed or defacto standards. This latest security issue affects all operating systems Windows, Mac OS X, and Linux.

Links
http://www.adobe.com/support/security/advisories/apsa10-01.html

Wednesday
May122010

Adobe's Downfall

Over the past few weeks Adobe and Apple have been battling about the openness of the iPhoneOS platform's (iPhone, iPod Touch, and iPad). During this battle both side have made statements about Adobe's Flash product. Now other companies are joining in on the battle, Microsoft and Opera to name a few. An on top of the Flash issues Adobe is not updating security flaws that are found in their PDF reader products. It troubles me that company which controls an array of software products refuses to perform basic security updates when there are know exploits in the wild. It also troubles me that this same company claims to be for open standards of development is blatantly against openness. Let's break down the issues that are surfacing around Adobe products.

Flash

Currently Flash is a de facto standard for web sites that wish to embedded media media. This is much akin to the when Microsoft's Internet Explore was the de facto standard in web browsers, until Firefox entered the seen in later 2004. This in Microsoft's case allow them to directly influence web development standards and code languages. While Microsoft's foot hold on web development has been loosened over the past decade Adobe's has been growing. Yes there are some statistics out there that indicate that Microsoft's Sliverlight is the market share leader when comes to media rich web sites, but the web is moving towards open standards. Apple, Microsoft, Google, Firefox, and Opera have started moving their web browsers toward HTML5 which will support video nativity.

Acrobat PDF Reader

Over the past year Adobe's PDF reader and possibly their creation application have shown that they are possible threat attack vectors. While anti virus software will detect and remove these inbound threats to end user system's it is still the responsibility of Adobe to maintain it's code base in a way that will decrease the possible threat vectors currently and in the future. Adobes response to bugs in the code is to issue quarterly patches. While this is a good idea the vendor should release fixes to coding errors that when left un-patched can and will lead to end user computer systems being compromised. Even Microsoft releases out cycle patches when needed, once a patch has been created. Adobe of late seems to feel that they are above deploying timely fixed to their software. While they have provided a work around to the latest security, they do not offer an easy when way for companies to deploy it. Adobe as just released a fix for one of the security issues that prompt me to write this posting, even with that being said the response time to patching vulnerabilities that know to be in the wild is worst then Microsoft's.

Conclusion

While Adobe has become one of the leaders in web based application development the organization is using their position to seek control over more platforms and claiming to do so under the guise of being an open development system for better cross platform interoperability. While this may aid some development in the short term is it truly the best solution in the long run? Adobe claims to be an open development platform for building cross OS applications, but most would agree that an open source is one that is supported by multiple organizations. I believe that most would also agree that open systems allow for full code review by independent sources. This would than exclude Adobe from being a true open development environment.


Links:
http://news.cnet.com/security/?keyword=Adobe

http://www.ghacks.net/2010/04/19/adobe-reader-vulnerability-exploited-by-botnet/

http://www.zdnet.com/blog/security/critical-flaws-haunt-adobe-pdf-reader-acrobat/6135

http://www.grc.com/sn/sn-245.txt