As with many other software vendors, Adobe has found itself rife with security vulnerabilities in a number of its products. A recently patched series of flaws in Acrobat, the longtime standard for Web documents, has already infected thousands, according to some researchers. Some older versions of Acrobat are still waiting for a patch, but users of Acrobat Reader and Professional version 8 are urged to download and install the latest patches.
Adobe PDF exploit infects 'many thousands,' says researcher (Computerworld)
Exploits plague Adobe Reader and Acrobat (News.com)
Unfortunately for Adobe, Acrobat is not the only product with vulnerabilities. Adobe has also come under fire for its Flash product which, while delivering some stunning graphics in surprisingly small files, does not have security controls that can effectively keep malware writers from doing such simple tasks as Web site redirection. A recent blog post by a Microsoft Most Valuable Professional called for people to uninstall Flash as a result of the lack of security options, likely a plug for Microsoft's competing Silverlight technology.
Critics Throw Stones At Security Of Adobe's Flash (Information Week)
Security is just a way of life at my job. We secure the network, hackers and malware authors try to compromise our systems, and we secure ourselves some more. One thing that we will be improving in the near future is our patch management. We currently use WSUS for many of our client machines, but we are looking at a commercial package that integrates into a product we already own. One of our big issues is that since we are an educational institution, we cannot do a lot of URL filtering and blocking on the Net. Our instructors need unfettered access for research and our students need the same. What do you do to make sure that your systems are patched so that you don't have to worry as much about what sites your users visit?