No, your plug-in hasn't crashed. But be on the lookout when downloading your next Adobe software patch.
Nearly everyone with a computer has used Adobe ( software at some point, whether opening PDF files with Adobe Acrobat or watching a video on YouTube with Adobe's Flash Player. But consumers likely aren't fully aware how riddled with security flaws Adobe's software is. )
Former Apple (Fortune 500) CEO Steve Jobs in 2010 addressed the issue in an , open letter rant about Adobe's security, blaming the company's Flash player for being "the number one reason Macs crash" and citing Flash for having "one of the worst security records in 2009."
But Jobs didn't go nearly far enough: Adobe's security problems aren't limited to Flash, and go far beyond just one bad year.
Adobe's Flash Player topped the Symantec's (Fortune 500) annual list of vulnerable plug-in programs in 2012. Adobe's Acrobat Reader took that spot in 2010. And in 2009, both programs tied for second place. Fixing those giant holes with security patches is part of the reason why Adobe constantly bugs consumers about updating their software. ,
So last week's attack on 2.9 million Adobe customers' names, encrypted passwords and bank account information perhaps shouldn't have come as a surprise. But it could ultimately be remembered as the worst in Adobe's history.
Adobe's chief security officer Brad Arkin revealed that, as part of the attack, hackers managed to steal source code for Adobe Acrobat, ColdFusion, ColdFusion Builder and other Adobe products. That essentially gives the hackers blueprints to find further weaknesses -- and exploit them, several security experts noted. It heightens the danger for anyone using Adobe products.
In a blog post, Adobe's Arkin refuted that notion, saying the company is "not aware of any specific increased risk to customers as a result of this incident."
Part of Adobe's security problem is an inevitable byproduct of its success: Adobe's products are widely used and therefore have become an enormous target for bad guys looking to cast as wide a net as possible to infect computers with their malicious software.
But Adobe's long history of major security screwups suggests that the company needs to take a long, hard look in the mirror.
Adobe's software is a prime target, cyber security experts say, because its core code is old and weak by today's standards. Updates and patches that are built on top of that code can't make up for its inherent flaws. It's akin to making repairs to a house with a sinking foundation.
Adobe declined to comment on the cause of its flawed security record.
"When you have very primitive infrastructure, it's extremely hard to put modern tools into it," said Dipto Chakravarty, executive vice president of engineering and products at the security firm ThreatTrack Security.
Kevin Rogers, CEO of security firm Cypherpath, said Adobe's customers will remain at risk of attack until the company completely revamps its software.
|Ousted Yahoo exec gets $58 million golden parachute|
|Canadians arrest a Heartbleed hacker|
|US Airways won't fire worker who sent lewd tweet|
|Hybrid laundromat-cafes are popping up across the country|
|GM's recalled Cobalt was a failure from the start|