When you are talking about the value of vulnerabilities on a computer system, there are very few that are as valuable as the ones that come from Adobe. There are several different factors that rank in why one vulnerability is worth more than another. The harm that the vulnerability causes, its ability to be in the machine and not let anyone know that it is there, the wide use of the software that the vulnerability affects are all factors that will cause the value to go higher or lower. There are many different reasons. Adobe has several factors that make it worth a lot. In this article I will take a look at this and also how you can keep the Adobe products that are installed in your network safe and secure.
The price of vulnerability
Some people wonder why any vulnerability would have a price on it when you can find them for free all over the place. There is a good reason why places such as Google, Microsoft and others pay hackers to find any serious vulnerability in their systems. It is all about the first mover advantage when you are talking about holes in the system. Even though you may find a lot of vulnerability holes on the internet, most of them are not the ones that you would consider new. They are known to a lot of people in both the black hat and white hat community. These types of holes are easily patched by someone who pays attention to the world of computer security.
When you are talking about a new security hole that is a different case. A new hole is so valuable because there is no way that everyone else gets to patch their systems until it is out in the wild. When you have found a new hole then you have a very big window to be able to infect a lot of the computers that are connected to the internet. That is why these big companies pay people to find the holes for them. They want to be able to shut down these holes before anyone else finds them. If the hole is not known to anyone else but the bad guy, then the good guy’s customers will be hit hard and no-one will get the blame except the corporations who failed to miss this hole.
So why is Adobe so important?
The fact is, Adobe, the company, is not as important to people who find holes in software as it is some of their products that are at issue. Adobe is home to some of the most widespread software in the world. Second to Windows by Microsoft, their software is everywhere.
The number one plug-in in the world is the Flash plug-in. It is the software that allows you to play Flash content on the browser of your choosing. In case you do not know what Flash is, it is the content that you see on many of the web sites that you go to that seems as if it is animated. While there are other technologies that are coming out that are trying to replace Flash, it is still the number one leader by far. If you find a hole in the Flash software it means that you have inside access to a large amount of computers in the world. If you know that Microsoft Windows is on almost 90% of the computers in the world and that the Flash plug-in is in almost all of them, you can create a bug that is going to have wide distribution. All you have to do is to create a payload that can be carried through the hole and you have found a way to have a widespread piece of malware on your hands.
So you might be thinking that ok, they have that one way to get in the computers, so all I have to do is to make sure that Flash is secured. Wrong, that is not the only software that Adobe has on your computer. They also have the software that allows you to read PDF files on your system. While their PDF software is not as far reaching as Flash, it still has a pretty deep penetration in the market. The same way that black hat hackers are able to use Flash to deliver a payload, they could potentially do the same with Adobe’s PDF software as well.
This is what makes finding a hole in the Adobe software family so valuable. They have software that is available in almost every Windows machine that is out on the market. If you are able to find a hole in them then you know that your malware is going to be widespread until they find a way to stop it.