On 2008-04-29 I wrote "Update your Flash!" because a lot of users were still using a vulnerable version of Adobe Flash. Date of the Security Bulletin: 2008-04-08
On 2008-05-28 I wrote "Deactivate your Flash!" because the first announcements said that all versions of Adobe Flash were affected by an exploit. This information was updated later: only old versions are affected. The current version, 9.0.124.0, is OK (for now).
So, now it's 2008-06-07 and I checked 4 sites on Google Analytics, looking only at the last week, from 2008-05-30 to 2008-06-06:
| Site | 9.0.124.0 | 9.0.115.0 |
|------|-----------|-----------|
| A    | 34.48%    | 40.23%    |
| B    | 45.16%    | 25.81%    |
| C    | 41.89%    | 33.78%    |
| D    | 23.08%    | 31.79%    |
Sites B and C are two blogs that mentioned the urgency of updating the Flash plugin. Site A is a simple service. Site D is the site of a media company for print, web, etc. You can do the math to see that a lot of people are using even older versions of Flash, which have even more security vulnerabilities. The table shows only the last two versions.
I have to repeat the question from the title:
ARE YOU MAD??
There is no safe place on the web. Every corner of the WWW can be the host of evil code. Harmless websites could include uncontrolled ads from unknown sources. A comment could exploit bugs on a blog or similar page (MySpace, Facebook, ...) to hide code that includes remote Flash files.
Firefox checks for updates of itself and all installed add-ons. But plugins are ignored. This can lead to trouble.
The Random Password Generator had over 3000 visits in the last few days. I checked the Google Analytics statistics and only 13.85% of the visitors had a current version of Flash. Important bugfixes aren't installed on a lot of computers!