As much as we like to hate Adobe's system-clogging security updates, the one it released yesterday is important.
I try to avoid FUD whenever possible, especially over vulnerabilities. But I feel the need to say something after hearing several friends and relatives complain and ask, "Do I have to have this update?"
If you look at what my Computerworld colleague Gregg Keizer writes, the answer is clearly yes:
Adobe on Wednesday patched six vulnerabilities in Flash Player, including one it admitted is already being exploited by attackers.
That vulnerability, identified as CVE-2011-2444, shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.
Adobe labeled CVE-2011-2444 as a cross-site scripting (XSS) vulnerability, a class of bugs often used by identity thieves to steal usernames and passwords from vulnerable browsers. In this case, browsers were not directly targeted; rather, attackers exploited the ubiquitous Flash Player browser plug-in.
Adobe is one of the most popular targets of scorn in the security community today, and this kind of flaw just adds fuel to the fire.
The way IT security pros see it, Adobe is the monster they can't live with anymore. But they really can't live without it, either.
Users rely on Adobe software to create, edit and view a variety of rich media content. But for many security practitioners, frequent attacks against a range of security holes have become too much to take.
Last week, Adobe haters got all excited over word that Microsoft appears to be taking a page out of Apple's playbook, saying it'll dump plug-ins such as Adobe Flash from Internet Explorer 10 in Windows 8.
Similar hopes have been built upon Apple's practice of shutting out Flash in its products.
But we're going to have to deal with Adobe Flash in its current form for quite a while yet.
Someday, maybe it will go away as some hope, though I tend to doubt it.
Or, even better in my opinion, it will survive because Adobe will make it better and more secure.
For now, it is what it is, so install this security update as soon as you can.