Avast has revealed that 60.2 per cent of Adobe Reader users are running vulnerable versions of the program.
Through an analysis of Avast anti-virus users, the software firm’s researchers also discovered that a mere 40 per cent of users had the newest Adobe Reader X or were fully patched. One in five users had an unpatched version that was at least two generations old.
In April 2010, Steve Jobs cited security as one of many reasons for not using Adobe Flash on Mac products. Since then there has been a heated war of words (as you can read here, here and here) between Apple and Adobe. Apple fans will no doubt point to this report as evidence that Jobs made the right decision.
As what’s currently the most popular PDF reader application, Adobe Reader faces being a constant target for malware writers – and users must understand that this puts them in the firing line too, and they have to stay on top of updates if they want their data to stay safe.
“There is a basic assumption that people will automatically update or migrate to the newer version of any program. At least with Adobe Reader, this assumption is wrong – and it’s exposing users to a wide range of potential threats,” said Ondrej Vlcek, CTO at Avast.
Brad Arkin, senior director of product security and privacy at Adobe, commented: “We find that most consumers don’t bother updating a free app such as Adobe Reader as PDF files can be viewed in the older version. In many cases, users only update when provisioning a new machine.”
However, it’s important to note that Avast did not detect a causal link between specific versions of Adobe Reader and exposure to malware.
“It is actually possible to be fully patched and up-to-date if you are running Adobe Reader 8 or 9,” stated Mr. Arkin, “But I think a large percentage of users simply decline the update notification.”