Adobe Should Be More Proactive About Security

Adobe will release a patch, expected within two weeks, to plug a security flaw in Adobe Reader, the latest of the program's recent vulnerabilities. The problem is, this flaw was found through a presentation at the Black Hat conference last week, and not by Adobe's security team.

Perhaps Adobe should put the presenter, Charlie Miller, an analyst with Independent Security Evaluators, on the payroll? Maybe then it can become proactive rather than reactive in meeting its clients' needs.

Miller's presentation, based on his white paper, illustrates how the bug allows a ne'er-do-well to gain control of a computer by exploiting a flaw in how Adobe Reader parses fonts in Portable Document Format (PDF) files.

It's also known as an "integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and Acrobat 9.3.3," according to the U.S. Department of Homeland Security's National Vulnerability Database. That means a malicious PDF with a secretly coded TrueType font can be used to hack into your computer.

Is this latest bug merely an unfortunate incident? Maybe not. Adobe's PDF viewer had , and Adobe's response was to tell users to wait for an update at the end of the year. (So far, Adobe has released four patches for Acrobat and Reader this year.)

Add to this the , and you can see that it has "one of the worst security records," and can cause businesses plenty of headaches.