EmailSafety.net - Users spurn latest Adobe PDF patches, says researcher

Users spurn latest Adobe PDF patches, says researcher

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

Although Adobe spent much of March releasing fixes for a PDF bug that hackers have been exploiting for more than three months, users are in no hurry to patch, a security company said Friday.

Scans of several hundred thousand Windows PCs owned by clients of Qualys Inc. show that few users have bothered to update, said Wolfgang Kandek, Qualys' chief technology officer.

"There's been no movement [on the Adobe Reader vulnerability]," said Kandek, referring to the scans that Qualys does to detect if a system is vulnerable to any specific attack. Considering the nature of the vulnerability -- and the pervasiveness of the free Adobe Reader -- that's troubling, he continued. "I would rank the Adobe vulnerability at the same level as an Internet Explorer or Windows vulnerability," Kandek said. "You could even say it's higher because Reader is also on Macs and Unix machines."

Adobe acknowledged one critical vulnerability in its Reader and Acrobat applications last month, more than a week after security company Symantec Corp. reported finding attack code in use. Starting March 10, Adobe began patching the two applications, first fixing Version 9, then following that with updates to Versions 8 and 7 at one-week intervals.

Related Content

Tuesday, as it released the last of the Reader and Acrobat updates, Adobe announced it had also patched five more critical bugs behind the scenes, but had waited to reveal that tidbit until it had finished fixing all versions of the software.

According to Kandek, within two weeks of the release of a fix for a critical vulnerability in Internet Explorer, about 40% of all PCs have been patched. That's not happened with the Adobe update. "It's just not going down," he said. As recently as Monday, two weeks after the delivery of Reader and Acrobat 9.1, Qualys' scans were showing fewer than 10% of PCs patched against the actively-exploited vulnerability.

What's especially disconcerting, added Kandek, is that although the vulnerability has been highly publicized, it has remained under the radar for most users. "That's common for vulnerabilities that aren't in an OS. While a bug like this will be tracked by a security professional, and by certain enterprises on the top of their game, many people, including those in small companies, may not notice it.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.

Recent News:

· Feds draw a bead on Russian behind Mega-D botnet
· Ransomware Attack Resurfaces to Hold Files Hostage
· Adobe Reader X Makes PDF Files Safer
· PayPal Users Beware of Holiday Phishing Scam
· McAfee Reports Malware at All-Time High

Site Map | Recent News | Related Sites