Security patching beyond the OS

Adobe software is widely used -- and widely exploited

Earlier this week, a report from the SANS Institute outlined the importance of patching not just operating systems, but all client-side software. In particular, the report mentioned popular software from Adobe needs to be patched, since it’s widely used.

It seems Adobe software is widely exploited, too. According to the SANS Institute, Adobe’s Acrobat and Flash Player were the target of one of six major zero-day exploits over the past six months.

The proposed solution is to patch browser plug-ins, applications, and other client-side software as diligently as operating systems are updated.

To that end, Mozilla has some good news. It announced yesterday that thanks to a recent effort to get Firefox users to update their plug-ins for security’s sake, ten million users went to Adobe’s update site when urged.

Mozilla’s campaign starts with Firefox 3.5.3 and 3.0.14. The Firefox security update for those versions displays a message encouraging users to upgrade to the most recent version of Adobe Flash Player immediately, and links to the Adobe site. Users of current versions of Adobe Flash Player get a message after running the security update telling them they’ve got a current version, and therefore they will be “safer on the Web.”

Mozilla is pleased with the success of its campaign, and plans to find additional ways to make Firefox users more secure on the Web. These plans include adding other plug-ins to the program, and “building an integrated check that will let you know whenever a site you visit is trying to use an outdated plug-in,” according to a Mozilla security blog post.

Do you tweet? Follow me on Twitter here.

Insider: How the basic tech behind the Internet works
Join the discussion
Be the first to comment on this article. Our Commenting Policies