Flash HOLED AGAIN TWICE below waterline in fresh Hacking Team reveals

Chris 155

Re: Oh Adobe...

Of course that's possible, however it's incredibly uncommon and not just at Adobe; the OpenSSL bug last year was the same kind of bug. It might be perhaps telling that we've known about these kinds of exploits for 40 years and yet they're still incredibly common in code. They're common because they're really easy mistakes to make.

Every single bit of non-trivial code uses the kind of data structures that are vulnerable to exploits like this over and over again, because they're just that common. All it takes is missing a bounds check on one very specific way of accessing your code that you may never have thought of, or saying "no one is ever going to access this code that way" once in a project, to get a vulnerability, and things like that happen way, way, way more often than once in a project.

I'll guarantee that if you're actually a developer you've written at least a hundred of them, mostly in little things, only intended to be used internally or only in a specific space. Or you've counted on a library to do something and the library's author has screwed it up.

Flash is of course particularly vulnerable because Flash was first and never died. It was made when the world was a very different place and all sorts of horrors had to be coded in to make it even remotely plausible. Every attempt at a replacement has failed to date, including the idea that HTML 5 will kill it, as if YouTube videos were the only reason anyone ever used Flash.
