If I were a bad guy and I wanted to pwn lots of people via the web - I'd probably focus my efforts on ubiquitous software guaranteed to give me a lot of bang for my buck (like Flash and Acrobat).  Software like Flash would seem like a good target given that it's installed on just about everything these days.  Adobe released Flash 10 recently and I'm just guessing it's got some security bug fixes in it that would probably be good to have.  I'd install it ASAP.

Oh and has anyone else noticed that Acrobat 9 still:

  1. Opens PDFs by default in a browser *without prompting* the user
  2. Runs JavaScript by default (I'm sure it's 'sandboxed' - whatever - I still disable this by default on all my boxes).

And does this remind anyone of Office circa 2000 when we let VBA macros run by default and didn't prompt users before opening documents via the web?  How is it possible that in 2008 this still happens with our competitors?