As much as we like to hate Adobe’s system-clogging security updates, the one it released yesterday is important.I try to avoid FUD whenever possible, especially over vulnerabilities. But I feel the need to say something after hearing several friends and relatives complain and ask, “Do I have to have this update?”If you look at what my Computerworld colleague Gregg Keizer writes, the answer is clearly yes:Adobe on Wednesday patched six vulnerabilities in Flash Player, including one it admitted is already being exploited by attackers. That vulnerability, identified as CVE-2011-2444, shares some traits with an earlier Flash flaw that was used to target Gmail accounts in June.Adobe labeled CVE-2011-2444 as a cross-site scripting (XSS) vulnerability, a class of bugs often used by identity thieves to steal usernames and passwords from vulnerable browsers. In this case, browsers were not directly targeted; rather, attackers exploited the ubiquitous Flash Player browser plug-in. Adobe is one of the most popular targets of scorn in the security community today, and this kind of flaw just adds fuel to the fire.The way IT security pros see it, Adobe is the monster they can’t live with anymore. But they really can’t live without it, either.Users rely on Adobe software to create, edit and view a variety of rich media content. But for many security practitioners, frequent attacks against a range of security holes has become too much to take.Last week, Adobe haters got all excited over word that Microsoft appears to be taking a page out of Apple’s play book, saying it’ll dump plug-ins such as Adobe Flash from Internet Explorer 10 in Windows 8.Similar hopes have been built upon Apple’s practice of shutting out Flash in its products.But we’re going to have to deal with Adobe Flash in its current form for quite a while yet. Someday, maybe it will go away as some hope, though I tend to doubt it.Or, even better in my opinion, it will survive because Adobe will make it better and more secure.For now, it is what it is, so install this security update as soon as you can.–Bill Brenner Sign up today.Get your morning news fix with the daily Salted Hash e-newsletter! Related content news Gwinnett Medical Center investigating possible data breach After being contacted by Salted Hash, Gwinnett Medical Center has confirmed they're investigating a security incident By Steve Ragan Oct 02, 2018 6 mins Regulation Data Breach Hacking news Facebook: 30 million accounts impacted by security flaw (updated) In a blog post, Facebook’s VP of product management Guy Rosen said the attackers exploited a flaw in the website's 'View As' function By Steve Ragan Sep 28, 2018 4 mins Data Breach Security news Scammers pose as CNN's Wolf Blitzer, target security professionals Did they really think this would work? By Steve Ragan Sep 04, 2018 2 mins Phishing Social Engineering Security news Congress pushes MITRE to fix CVE program, suggests regular reviews and stable funding After a year of investigation into the Common Vulnerabilities and Exposures (CVE) program, the Energy and Commerce Committee has some suggestions as to how it can be improved By Steve Ragan Aug 27, 2018 3 mins Vulnerabilities Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe