Is Adobe the next great black hole of vulnerabilities? Will we speak of Adobe in the same breath as we once did of Microsoft's incredibly flawed software?
Adobe is promising a patch for a Flash vulnerability that allows hackers to execute drive-by attacks on site and Web-facing applications using the popular media software. The vulnerability also affects Adobe Reader and Acrobat running on Windows, Mac and Linux operating systems, since the PDF-enabling software includes Flash for presenting rich content.
OK, a couple of thoughts here:
- A week is just way too long to wait for a patch. The vulnerability is already being attacked, and it's relatively easy to exploit. That makes this critical. Adobe published a workaround, but workarounds often result in reduced functionality.
- Why merge Flash and PDF apps? Back in the days when macro-viruses were all the rage, we used formats such as RTF, PDF and TXT to avoid getting whacked with nasty malware. Now we have embedded Flash that opens docs up for the whole world to exploit.
- Is Adobe symptomatic of things to come? The world wants rich media online experiences. Embedding Flash presentations in previously static documents gives new dimension to information transfer. This will become even more important as portable devices, such as the Kindle, are adopted and their uses expand.
- What is the current state of patch management? Analysis done by Microsoft shows a definitive vulnerability shift away from operating systems to applications—particularly Web-based and Web-facing apps. Patching OSes on servers, firewalls and networking gear was hard enough; now we have scores more applications that will need constant tending.
I don't know about anyone else, but I'm beginning to think Adobe first when someone mentions application vulnerabilities (Microsoft, you're welcome). Application security (or vulnerability) is something that's been a concern for years, but it seems to be reaching a critical mass, and it's being led by Adobe.
Comments (2)
Adobe applications have long had vulnerabilities, which is why I've been blocking their default execution for over a decade. I don't expect it to change any time soon since it is a far more valuable target than an OS, especially when you are talking about non-desktop environments.
Posted by Brian | July 25, 2009 9:36 PM
My IE browser would stall and I would have to close it with Windows Task Manager. Now the problem has been solved, although I don't have Flash on my IE browser. Firefox doesn't seem to have that problem. I keep my files on an external hard drive, read only and hidden attribute. Burn a CD. I'm safe.
Posted by Norman | October 10, 2009 4:22 PM