56 percent of enterprise users using vulnerable Adobe Reader plugins

Summary: According to Zscaler's most recent “State of the Web” security research report, 56.46% of enterprise users running Adobe Reader have an outdated version installed.

According to Zscaler's most recent “State of the Web” security research report, 56.46% of enterprise users running Adobe Reader have an outdated version installed, making them susceptible to client-side exploitation by web malware exploitation kits such as the Blackhole Exploit Kit, which targets vulnerabilities in Adobe Reader and Java.

“Patching and updating is key to security as many attacks now target outdated plug-ins. In fact, recent large hacks making headlines are thought to have been performed by compromising just one plug-in in an enterprise,” said Michael Sutton, VP security research at Zscaler.

Not surprisingly, cybercriminals are quick to adapt. Thanks to the modular nature of web malware exploitation kits, they can add exploits targeting a particular exploitation vector at any time. In this case, an Adobe Reader exploit is served alongside the rest of the client-side exploits at the attacker's disposal.

The research findings were also confirmed in a separate study conducted by Avast, in which the researchers found that 6 out of every 10 users run a vulnerable version of Adobe Reader.

So, what are you waiting for? Check whether you're running vulnerable plugins susceptible to client-side exploitation, and patch them right away.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Talkback

13 comments
  • RE: 56 percent of enterprise users using vulnerable Adobe Reader plugins

    A unified package management system to manage all software is always a good idea, look at Debian.
    qjqqyy
  • What about using existing A/V to warn about that?

    Dancho, can you tell why antivirus makers don't use the existing A/V infrastructure to warn about vulnerable software, like outdated Adobe Reader plugins? That would be a great improvement to any antivirus system. Let's stop treating the consequences, let's go after the root causes.
    dschwingel
  • RE: 56 percent of enterprise users using vulnerable Adobe Reader plugins

    Adobe Reader is one of those low priority products. It's only used when a user has to use it, it's not open all day and running, so these statistics don't surprise me.
    LoverockDavidson
  • RE: 56 percent of enterprise users using vulnerable Adobe Reader plugins

    Adobe needs a better updater for Flash. As it is now, it only checks when you reboot. I can go 30-60 days without a reboot. They need to test this daily. It should be part of Windows Update.
    WindowWasher
  • RE: 56 percent of enterprise users using vulnerable Adobe Reader plugins

    100% of users using vulnerable Adobe Reader plugins - we just don't know it yet. Snarkiness aside, all versions of Reader are vulnerable except the very latest one, and that one will be vulnerable soon enough, if history is anything to go by.
    Drew F.
  • Not Surprising - Try to Run Adobe Reader X On 6 or 8 Year Old Hardware

    This isn't really surprising. A lot of companies still have quite a number of workstations in use that are more than 5 years old, and have 512MB or less RAM. Have you ever tried running Adobe Reader X on a 6 year old Windows XP machine with 256 MB of RAM? Reader 7 still runs fine; Reader 9 or X makes the system choke.
    CFWhitman
  • RE: 56 percent of enterprise users using vulnerable Adobe Reader plugins

    What I want to know is, why use Adobe Reader at all? There are other PDF readers available.
    The One True Fnerd
    • RE: 56 percent of enterprise users using vulnerable Adobe Reader plugins

      @The One True Fnerd

      Foxit is a good product, but is not compatible with all websites that use PDFs or every PDF document. (It is also a far cry from the tiny Foxit 1.0 standalone executable I used to use.) Where I work, we replaced Adobe Reader with Foxit, and now we are replacing Foxit with Adobe Reader (v9.x, not 10). Personally, I think it is an arms race between Adobe and the competition, just like with M$ products back in the late 90s. Every incremental upgrade makes the competition unable to open the latest documents. The consumers are the ones being harmed.
      mlashinsky
  • RE: 56 percent of enterprise users using vulnerable Adobe Reader plugins

    The Avast study is flawed if it calls all 9.x versions of Reader "vulnerable". AFAIK Adobe is still patching 9.x even though 10 (X) is available. For how long remains to be seen, however.
    PB_z
  • Secunia

    Look at Secunia, you will get a short scan daily that looks for anything that has gone vulnerable in the last day. For example today I got a 99% rating. It was for an item that Windows Update had downloaded but not yet installed. With Secunia you will update your pdf and flash stuff all the time.
    mswift1
    • RE: 56 percent of enterprise users using vulnerable Adobe Reader plugins

      @mswift@...
      Yup.
      Secunia is cool.
      I also use FOXIT reader in place of Adobe.
      kiwisewi77
  • Duh.

    Probably because Adobe can only be bothered to update its software for only the most recent hardware and OSes, but businesses that can't afford to update to "latest and greatest" every six months are still running older stuff.
    Scott Kitts
  • RE: 56 percent of enterprise users using vulnerable Adobe Reader plugins

    I have Windows XP Home.
    526MB
    Adobe 10 runs on it.
    Secunia warns me of outdated programmes and I never have downloading troubles.
    A business needs a central task manager who oversees the security on all the computers running.
    As for the Adobe is old rubbish, IE doesn't work too good without it and when kept up to date it is a good programme.
    Don't forget to always remove old editions of Adobe should Adobe not do it when downloading.
    Manual labour isn't so hard.
    kiwisewi77