Research: 80% of Web users running unpatched versions of Flash/Acrobat
According to research published by Trusteer earlier this month, 79.5% of the 2.5 million users of their Rapport security service run a vulnerable version of Adobe Flash, with 83.5% also running a vulnerable version of Acrobat.
The company has also criticized Adobe, insisting that its update mechanism "does not meet the requirements of a system that is used by 99% of users on the Internet and is highly targeted by criminals", while praising the update mechanisms of Google's Chrome and Firefox, whose silent updates close the window of opportunity that malicious attackers would otherwise take advantage of.
Trusteer's research findings come a month after Secunia found out that Adobe is shipping an insecure version of Reader from its official site, justifying the action with the built-in updater, which apparently is not used by the 2.5 million users mentioned in the research. That was followed by advice given in the SANS NewsBites newsletter, issue 61, that organizations should limit the use of Adobe products in order to minimize the attack surface.
Due to the high market penetration of Adobe's products, it's fairly logical to witness an increase in malicious exploitation of Adobe-related vulnerabilities. However, there aren't any web malware exploitation kits in the wild that rely exclusively on Adobe-specific vulnerabilities. Instead, the exploits-mix that is served upon successful browser recognition attempts to exploit the most common applications found on a particular PC in order to increase the probability of successful infection.
Data published by Secunia two months ago indicates the same trend that cybercriminals have been aware of for a while now, namely that the average number of insecure programs per PC is still high, with 3 insecure programs per PC in the U.S. on average, and 4 insecure programs per PC in Europe, based on the company's data. The company published similar findings two years ago, proving that an unpatched vulnerability is just as handy as a zero-day one from the perspective of the cybercriminal who's efficiently infecting hundreds of thousands of users by exploiting outdated/unpatched flaws.
Adobe's products aren't an exception; they're targeted alongside the rest of the vulnerabilities included in the exploits-mix. Don't just make sure that you're running the latest version of Flash and Reader; make sure that you're running the latest versions of all the applications on your PC, before cybercriminals do the check for you.
Talkback
Thank goodness for regular updates from Adobe's RPM repository!
RE: Research: 80% of Web users running unpatched versions of Flash/Acrobat
compared with Redmond. However, let's point people to the Flash solution. It's easy... Here is what you need to do:
* Download and use the Flash un-installer:
http://kb2.adobe.com/cps/141/tn_14157.html
* Reboot to clear out any left over ocx files.
* Reinstall the latest Flash Player:
http://www.adobe.com/software/flash/about/
Julian (ID Fraud Expert)
RE: Research: 80% of Web users running unpatched versions of Flash/Acrobat
Adobe's horrible "process"
Of course, I don't let Microsoft off the hook completely. It's crazy that each company should develop its own update mechanism and oftentimes scheduler. There should be a single updater in Windows that other apps plug into. Scheduling should be done through that updater or perhaps task scheduler. Then everything installed could be viewed under Add/Remove Programs, along with associated patches and an update schedule.
Adobe Updates
I doubt there are alternatives to Adobe Flash Player...
Hooking MS
Pfft. Yes, because Microsoft needs yet another excuse for people to point fingers at them, blaming them for all PC ailments.
Adobe should keep their own house in order.
Re: Adobe's horrible process
The average home PC user doesn't understand all of the expensive stuff that corporate IT departments have to put in place to make everything work properly. Setting up the auto-update mechanism in Adobe may be fine for one PC on a cable modem, but it isn't gonna work for 1,000 PCs at 25 different locations, all homing back to a 3-T1 Internet link.
Constantly bombarded w/updates
RE: Research: 80% of Web users running unpatched versions of Flash/Acrobat
One reason more people haven't updated.
I hope that Adobe replacements really take hold, I'm tired of dealing with their BS. I just downloaded Foxit the other day, it is incredibly fast compared to Reader.
Foxit Reader FTW!!!
Foxit Follows Adobe In Open Vulnerabilities....
Both readers are almost as vulnerable....wake up and smell the malware.
Not only the programs
RE: Research: 80% of Web users running unpatched versions of Flash/Acrobat
This further demonstrates
It won't be easy with so many vendors (I won't name names, but we know who they are) who insist on using their update mechanisms as a vehicle for promoting other products. But doing that turns people off, and rather than uninstall the offending software people tend to just not update. And yes people need to be smarter than that, but every time something goes wrong in the Windows environment MS gets a black eye, even if it is not necessarily their fault. Centralizing the update mechanisms and keeping the focus on installing timely updates rather than the other BS will remove that threat and give MS many fewer undeserved black eyes.
Opening PDFs in a browser is arcane & how I got the latest Flash version
The last time I went to Google video, I got a message that I needed to update my Flash Player. This sort of backwards incompatibility seems like a reasonable solution to security issues.