Adobe the new Microsoft?
The simple black dress never goes out of style. Or so my wife tells me every time she buys another one. Same is true for scapegoats in security. This years whipping boy is Adobe. ScanSafe just came out their yearly report (it seems it is yearly report season. But that is better than yearly “I had another record year but won’t tell you the real numbers” press release season), at it seems a whopping 80% of web exploits involved the vulnerable, if not venerable PDF file courtesy of Adobe.
Whoa! That is impressive. I am sure many of us are just shaking our heads wondering what could Adobe be doing to improve this.
Microsoft can empathize I am sure. It used to be Windows and Office that was posting those kinds of numbers (OK not web exploits but attack vectors). Now it seems exploiting the Microsoft products has either gotten so much harder or is just not profitable enough compared to Adobe.
In any event I am looking for Adobe’s “Trustworthy Computing” initiative to kick off any day now. Until then I don’t think using PDFs is such a great idea.