Today is the day after. Which day after? Well, the day after the latest Adobe Flash 0-day bug discovery, one that is actively being exploited in the field. Adobe just released a patch; unfortunately, it did not include a fix for the latest bug. They appeared to pass each other in the night, okay, day.
From www.sans.org/newsletter/newsbites/xvii/81, which was forwarded to me. Included is this:
Editor's Note (Murray): It is not simply that Flash has many implementation-induced vulnerabilities, not merely that it has frequent patches, there is no "there" there. It is that its risk exceeds any residual value that it might ever have had. Managing this risk is beyond the capabilities of Adobe. The resources of others consumed trying to deal with it exceeds the value of Adobe. It appears to be beyond the ability of the entire industry to deal with it. We seem to be unable to manage it and too feckless to get rid of it. Only Steve Jobs had the courage to act on what we all know.
This is why Flash must go; it must be removed. If the artists and designers depend on its workflow, then that workflow must be moved elsewhere. The ease of those using Flash to build content (be it web or games) cannot be more important than the security of the users. It simply cannot be.