Adobe patches demonstrate app security need

Adobe patches demonstrate app security need

Designing an application can be an excellent way to reach out to consumers in the modern technological environment. The world has become "app-ified," with end users longing for the convenience of a program that will accomplish an important function as efficiently as possible. Self-congratulation by companies with an app offering, however, may be premature if they do not invest in application security services. The application world, as with so many facets of the tech landscape, has become a target for hacking.

Adobe announcements demonstrate risks

According to a recent CSO report, recent patches to widely used Adobe applications such as Flash, Reader and Shockwave Player were undertaken to defend against serious security threats, including one that has already been exploited by attackers to take control of Windows computers.

The frequent attacks on Adobe software show a willingness from hackers to find ways into victims' computers through routes other than the browser or the operating system. OS and browser patches are fairly frequent and aggressive, which could have contributed to attackers seeking a less regulated environment. Application penetration testing could reveal notable vulnerabilities in need of attention.

"The bad guys attacked Flash a lot in 2010-11. The security update response time for Flash is now an average of five days," Adobe security director Brad Arkin told CSO.

Exploitable flaws widespread

TechTarget reported that, earlier in 2012, Adobe developers discovered  a cross-site scripting flaw in the Flash browser plugin. According to the source, such problems are fairly common in apps and have become a common site of security exploitation by hackers. Such problems can be used by attackers armed with specifically designed JavaScript code to unlock reserves of private information. Such data collection can serve as the first stage of a more comprehensive cyberattack, possibly involving further malicious software, according to TechTarget.