Outdated browser plugins pose a considerable security threat. According to a report published earlier this year by security and compliance management company Qualys, 80 percent of all browser vulnerabilities stem from outdated plugins. The company behind the browser security analysis tool BrowserCheck, Qualys has just ranked different browser plugins based on their affinity for remaining outdated.
Call it the Swiss cheese of software if you will, but Adobe this week managed to idenfity no less than six vulnerabilities in its Flash Player platform affecting versions 10.1.53.64 and earlier.
"These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system," Adobe warns in a security bulletin.
This is the third round of updates for Adobe's Flash Player so far in 2010, which is found on an estimated 99 percent of PCs. Earlier updates in March and June plugged up another 33 security holes, bringing the total to 39 for the year.
Going forward, Adobe might switch to a quarterly schedule and pre-patch warning system, like it does with its Reader and Acrobat software.
According to a bulletin from Adobe Labs, Adobe Systems has decided to halt the development of the Labs program of Flash Player 10 software for 64-bit flavors of Linux. Adobe insists this is only temporary, as well as necessary in order to making significant architectural changes and beef up security.
"We are fully committed to bringing native 64-bit Flash Player for the desktop by providing native support for Windows, Macintosh, and Linux 64-bit platforms in an upcoming major release of Flash Player," Adobe added. "We intend to provide more regular update information on our progress as we continue our work on 64-bit versions of Flash Player. Thank you for your continued help and support."
According to InfoWorld, an Adobe representative expressed the same sentiment, saying that the company is not killing development, and instead working to improve the underlying code for this version of the runtime.
Apple and Adobe have been trading verbal blows quite regularly, with both companies even accusing each other of being a “closed system” at an unwittingly hilarious point in their duel. But Apple’s resolute vow to never allow Flash on the iPhone and iPad means Adobe, whether it likes it or not, will have to concentrate on other mobile devices. And it does seem to have the blessings of nearly all other major players in the smartphone market.
But Adobe might just be counting its chickens too early, especially given its failures to bridge the vast gulf between desktop and mobile versions of the Flash players. It can’t really afford another failed attempt.