
We all know and love Adobe products. Their PDFs have become as ubiquitous as .DOC, .TXT and .XLS. Most PCs include Adobe Reader as bundled software. The Adobe Flash media player is the easiest, most user-friendly online video player on the planet and is required for the most popular video site, YouTube.

Brad Arkin, Adobe’s director for product security and privacy, recently commented, “We’re in the security spotlight right now. There’s no denying that the security community is really focused on ubiquitous third-party products
like ours. We’re cross-platform, on all these different kinds of
devices, so yes, we’re in the spotlight.”

Adobe, in response, is doing everything a responsible software developer should do.

Adobe is in the same boat today that Microsoft found itself in years ago.
Ground zero. Hack central. Criminal hackers love it. Adobe’s software
or files are used on almost every PC and across all operating systems.
Every browser requires a program to open PDFs, and many websites either
have links to PDFs or incorporate Flash to play video or for
aesthetic reasons. According to an estimate from McAfee, in the first
quarter of this year, 28% of all exploit-carrying malware leveraged a
Reader vulnerability.

While attention from the criminal hacking community has certainly been a burden to Adobe, the same attention is now being paid by the white hat hackers, the good guys. The security community is now
actively involved in the reporting of bugs and vulnerabilities, which
is helping Adobe tighten up. Fortunately, Adobe is learning from their
current situation and is actively engaged in resolving these issues.
They’ve created a better, more frequent software updating tool for each
of their programs, including Flash and Adobe Reader. As difficult a
situation as this may be, Adobe is handling it very well.

“Application security” is a term often used for the practice of putting software or an application through a series of “penetration tests” during the development cycle, designed to seek out vulnerabilities that
could be exploited in the field. Adobe’s process now includes their
Secure Product Lifecycle (SPLC) to seek out and squash those issues. It
is important to understand that flaws, bugs, holes, vulnerabilities, or
whatever you call them, are often detected after the launch
of software. While both developers and criminals have many of the same
tools, the bad guys seem to have an edge and are often able to exploit
those flaws before developers can find and fix them. Adobe, however, is
beginning to turn the tide on the bad guys.

If you function in a Microsoft Windows environment, you should be aware of “Windows Update” and have it set to automatically download and update your operating system’s critical security patches. Updating
Reader and Flash requires manual action, but Adobe’s built-in updater
can also be set to automatic. I’d suggest that most users set this to
automatic as well. If you have an older version of Reader, which may
not include an automatic update option, you should head directly to Adobe.com to download the current software.

Robert Siciliano, personal security and identity theft expert adviser to Just Ask Gemalto, discusses credit and debit card fraud on CNBC. (Disclosures)


© 2012   Created by Chris Pirillo.
