I had an email conversation recently with an individual from Adobe, which eventually turned into this article: What Adobe Has Done to Improve Security. In IT circles, Adobe was considered the developer of all things buggy and unsecure. If a month went by without a patch for a zero-day flaw, IT admins assumed Adobe had finally gone out of business and started hitting their web site to see if it was still alive. IT organizations spent a good amount of time replacing Adobe products with alternatives where they could.
But, as you read in the aforementioned article, Adobe took the negative press seriously and did something about it. And, they aren't stopping there. They seem to be on a mission to change the industry's perception of their products.
Adobe has released information on how they worked closely with Microsoft to make Flash player security a top concern for Windows 8 and IE10. They outline several key areas where they took steps to ensure that Flash is as secure as it can be and doesn't become a backdoor through Windows 8 and IE10 security.
Some of the areas they worked on are:
- Flash player updates are now distributed through Windows Update
- Enterprises can deploy Flash player updates using their normal patch management apps and processes
- Due to Enhanced Protection Mode (EPM) in IE10, Flash player now runs as a 64-bit process
- Flash player runs as a low privileged process in IE10's sandbox technology, AppContainer
Read the full description: Flash Player Security with Windows 8 and Internet Explorer 10
Has Adobe done enough? What other things can they do to change your mind about the security of their products?