Although Adobe's working on boosting Flash's security -- it's collaborated with Google, for example, to sandbox Flash in Chrome -- for now, its best defense is to quickly react to exploits with a patch.
"I think we're more aggressive than Microsoft," said Arkin, referring to the two companies' approaches to shipping out-of-band updates. "Basically, if we have information about attacks in the wild, or if the information is out there on a [security] mailing list -- which means attacks are imminent -- that tends to be a trigger for us to think about an out-of-band."
Microsoft's criteria for deciding whether to issue an emergency patch is confidential, but the company has said it generally considers an out-of-band fix if it sees attacks increasing in volume.
By pushing out a patch as quickly as possible, Adobe believes it squelches discussion among security researchers and attackers.
"If there are attacks in the wild, there will be lots of blog posts analyzing the vulnerability and exploit," said Arkin. "The information migrates from the high end to the low end very quickly. So we squash the debate by fixing it."
Arkin said Adobe has focused on getting patches out quickly, and that the fix for an earlier Flash vulnerability -- one Adobe released June 5 -- had a turn-around of less than 72 hours.
"The more practice we have, the faster we turn around [patches]," Arkin said.
Adair urged everyone to keep Flash Player up-to-date. "If you or your organization runs Adobe Flash and you're not keeping up on these patches ... you are in bad shape," he said.
The newest version of Flash Player can be downloaded from Adobe's website. Alternately, users can run the program's integrated update tool or wait for the software to prompt them that a patched edition is available.
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, or subscribe to Gregg's RSS feed. His email address is firstname.lastname@example.org.
Read more about security in Computerworld's Security Topic Center.