Welcome Guest. | Log In | Register | Membership Benefits
  • |   Email this page E-mail
  • |  Print Print
  • |   Bookmark and Share

Report: Sixty Percent Of Users Are Running Unpatched Versions Of Adobe

Vulnerabilities in software could lead to breaches, Avast Software study warns

Jul 13, 2011 | 04:37 PM | 

By Tim Wilson

Six out of every 10 users of Adobe Reader are running unpatched versions of the program, leaving them vulnerable to a variety of malware attacks, according to a report published today.

In a study of its own antivirus users, Avast Software found that 60.2 percent of those with Adobe Reader were running a vulnerable version of the program, and only 40 percent of users had the newest Adobe Reader X or were fully patched.

One out of every five users also had an unpatched version of Adobe Reader that was at least two generations old, the study says.

Adobe Reader is the most popular PDF reader application and is a frequent target for malware writers. More than 80 percent of Avast users run a version of Adobe Reader.

"There is a basic assumption that people will automatically update or migrate to the newer version of any program," said Ondrej Vlcek, CTO at Avast. "At least with Adobe Reader, this assumption is wrong -- and it’s exposing users to a wide range of potential threats."

Brad Arkin, senior director of product security and privacy at Adobe, agreed with the Avast analysis. "We find that most consumers don’t bother updating a free app, such as Adobe Reader, as PDF files can be viewed in the older version," he said. "In many cases, users only update when provisioning a new machine."

Malware PDF exploit packages will typically look for a variety of security weaknesses in the targeted computer, attacking when an uncovered vulnerability is discovered. "Most exploits have been made to hit all vulnerable versions, not just one," says Vlcek. "Libraries of code are shared between various Adobe versions which also means that vulnerabilities are shared." The Avast Virus Lab did not detect a causal link between older versions of Adobe Reader and exposure to malware.

"It is actually possible to be fully patched and up-to-date if you are running Adobe Reader 8 or 9," Arkin says, "But I think a large percentage of users simply decline the update notification." Have a comment on this story? Please click "Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.



Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dark Reading encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dark Reading moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Dark Reading further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
Subscribe to RSS



SMB Security Reports

report Small Businesses, Big Losses: How SMBs Can Fight Cybercrime
Small and midsize businesses are falling prey to cyberattacks that cost them sensitive data, productivity and corporate accounts cleaned out by sophisticated banking Trojans. SMBs are typically on the hook for these losses and lack effective means to prevent them. In this report, we explain what makes these threats so menacing, and share best practices to defend against them.

report Five Security Flaws, Five Security Fixes For Small And Midsize Companies
Take a sneak peek at data from the Dark Reading/InformationWeek 2011 Strategic Security Survey, with a focus on the five biggest problems faced by small and midmarket companies. You?ll get a look at key security practices and processes for managing the complexity of security; enforcing policies; assessing risk; preventing data breaches; and managing scarce IT resources.

report SMBs in the Crosshairs: Understanding the Threats, Defending the Business
Cybercriminals are not only exploiting small and midsize businesses -- they're targeting them. While thefts of hundreds of thousands or even millions of credit card numbers and personal information records make headlines, many small companies' accounts have been cleaned out. In this Dark Reading Tech Center report, we identify how SMBs are exploited, where their security fails and how they can shore up their defenses.

Other reports from the SMB Security Tech Center: