Adobe's long battle with security flaws

Adobe has taken a few security hits lately, from the Flashback Mac Trojan and another zero-day exploit in Flash Player to malware-laden PDF files being the hacker's weapon of choice. So what gives?

The problem of malware being distributed in PDF files was actually fixed in Adobe Reader version 10, released almost a year ago. But most people are still using out-of-date versions.

And the problems with Flash Player? They're real, but Flash Player 11 is being released this month, and they'll be fixed. Supposedly.

My guest on the Patch Monday podcast this week — on a Tuesday, thanks to the public holiday yesterday — is Brad Arkin, Adobe's head of product security and privacy.

In our first conversation since mid 2010 — when Adobe had revamped how it integrates security into the software development process — we discuss how things have changed since then, what's new for security in Flash Player 11, why Adobe is doing more new work in the Chrome web browser and the wonderful world of fuzzing.

Arkin also highlights the changing threat landscape that Adobe faces. As in our recent episodes on Operation Shady RAT and cyberwar, espionage is now part of the game.

Patch Monday also includes a look at some of last week's news headlines.

To leave an audio comment on the program, Skype to stilgherrian, or phone Sydney 02 8011 3733.

Running time: 27 minutes, 45 seconds