Adobe's Name is Mud
Before software came along, the word adobe was better known as the mud and straw bricks used to build structures popular in warm, dry climates. And right now, the software vendor Adobe may just signify mud for computer users as well.
Just in the past couple of days, two new exploits have been found which involve shipping versions of Adobe products:
- Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit PoC is released; and
- A zero day exploit involving Adobe Reader / Acrobat 9.1.2 and Adobe Flash Player 9 and 10.
Even the hackers writing the exploits seem to feel a little sorry for Adobe, which has proven too easy a target in the past year. Jeremy Brown, author of the NOS Local Privilege Escalation, commented in his exploit notes:
"But maybe give Adobe a break? 2009 has been a rough year for them already, heh."
That would be an understatement. In 2008, malicious PDF files exploiting vulnerabilities in Adobe Reader & Adobe Acrobat outpaced all other exploits (33% for the total year; 56% in 4Q08). Second runner-up? Adobe Flash, which comprised 59% of all Web-delivered exploits in 3Q08 and 30% in 4Q08. And that trend has continued, even accelerated, in 2009.
And if numbers like that don't make it hard enough to maintain sympathy for Adobe, consider this: despite the many vulnerabilities, Adobe continues to offer the older, even more vulnerable 9.1 version on its official download site.

Mary Landesman