After Patches, Adobe Flash Still Not Secure

Adobe's Flash application is great for creating and watching rich multimedia applications, but it's one of the applications security researchers fear most because it is highly vulnerable to hackers. The application has come under more intensive scrutiny recently after Adobe issued a patch for yet another vulnerability discovered earlier this week.

"We're spending a lot of time researching the vulnerability of Adobe Flash because we foresee the problem getting worse before it gets better," Holly Stewart, threat response manager at IBM (NYSE: IBM) Internet Security Systems' X-Force research team told InternetNews.com by e-mail.

At the end of 2008, 15 percent of all malicious links were to Flash movies containing malware, Stewart said. She added that people continue falling victim to Flash exploits because most of them do not patch Adobe applications when these are available.

The latest vulnerability lets attackers take control of victims' computers through a buffer overflow, Adobe said in a security bulletin. It occurs in Flash Player 10.0.12.36 and earlier versions, Adobe said. The vendor has issued a patch for the vulnerability, which it has named APSB09-01.
Continue reading here....