Adobe Flash is buggy and ubiquitous, and Adobe's PDF product also has plenty of issues. On the other hand Microsoft invests heavily in security, and Vista is much more secure than XP.
So it's not surprising Microsoft's biggest headaches come from Adobe ...
MS blames non-Redmond apps for security woes • The Register
... Which flaws feature in attacks, and their severity, are a much better guide to risk than simply counting the number of vulnerabilities. Microsoft-related problems were held responsible for six of the top 10 browser-based vulnerabilities attacked on machines running Windows XP in the second half of 2008, compared to none on PCs running Windows Vista. The most attacked vulnerabilities involved a flaw in Windows graphics rendering engine (MS06-01) and a RealPlayer console vulnerability. An Adobe Flash vulnerability was the single most common way of attacking Vista machines, with the RealPlayer console flaw cropping up at number three...
... evidence from Microsoft suggests that Vista is more resistant to malware. The infection rate of Windows Vista SP1 is 60.6 percent less than that of Windows XP SP3, the software giant reports....
Does the 60% number adjust for OS prevalence?
Flash is a problem for OS X too, but in practice crooks don't bother with OS X. It's the old story. When being chased by a bear, you don't have to outrun the bear. You just have to outrun your friend.
With IE 8 and Vista/Windows 7 new Windows boxes will be much more secure - if Flash is out of the picture. Now if Microsoft can just kill Adobe ...
PS. The problems with Flash security are another reason we don't want Adobe writing a Flash client for the iPhone.