Security experts say Adobe Flash and Reader are commonly targeted because the software maker has a massive install base. The company has made great strides in implementing security restrictions in its software and adding automated update features to ensure patches are quickly applied to the software and its browser components.
In April, Adobe issued an emergency update to address a Flash Player zero-day flaw. Windows users were the target of the attacks, which used a Word document containing the malicious Flash content. Antimalware firm FireEye detected an Adobe Reader zero-day flaw, which was delivered through malicious PDF files. IBM noted in its analysis that the Reader zero-day malware was the first in-the-wild exploit capable of escaping the Reader sandbox, which was first introduced in 2010.