PRAGUE, Czech Republic, July 13, 2011 – AVAST Software researchers have discovered that six out of every ten users of Adobe Reader are running unpatched versions of the program, leaving them vulnerable to a variety of malware attacks.
An analysis of avast! antivirus users found that 60.2% of those with Adobe Reader were running a vulnerable version of the program and only 40% of users had the newest Adobe Reader X or were fully patched. One out of every five users also had an unpatched version of Adobe Reader that was at least two generations old (8.x).
Adobe Reader is the most popular PDF reader application and subsequently is the biggest target for malware writers. Over 80% of avast! users run a version of Adobe Reader, with Foxit, the second most popular PDF reader, having a much smaller user share of 4.8%.
"There is a basic assumption that people will automatically update or migrate to the newer version of any program. At least with Adobe Reader, this assumption is wrong – and it’s exposing users to a wide range of potential threats," said Ondrej Vlcek, CTO at AVAST Software.
Brad Arkin, senior director of product security and privacy at Adobe, agreed with the importance of users staying up to date. "The vast majority of users that encounter problems with malicious PDFs are running out-of-date software," he said. "In 2010 Adobe released a completely rewritten updater for Reader and Acrobat that includes a silent, automatic option to help users stay up-to-date. With the June 14, 2011 release of Adobe Reader and Acrobat X (10.1) we’ve made this the default setting for Windows users. He added that the avast! data represents "valuable research into real-world user patching behavior".
Malware PDF exploit packages will typically look for a variety of security weaknesses in the targeted computer, attacking when an uncovered vulnerability is discovered. "Most exploits have been made to hit all vulnerable versions, not just one," explained Mr. Vlcek. "Libraries of code are shared between various Adobe versions which also means that vulnerabilities are shared."
Updates are the key security issue as the AVAST Virus Lab did not detect a causal link between specific versions of Adobe Reader and exposure to malware.
Keeping secure, especially for the older versions of Adobe Reader, does require some user attention. "It is critical for users to stay fully patched on whichever supported version of Adobe Reader they are using," said Mr. Arkin. The approach recommended by Adobe is for users to upgrade to Adobe Reader X with Protected View (aka "sandboxing"). Windows users should also take advantage of the automatic update option. "Our hope is that with the automatic update and the latest Adobe Reader X offering, we will see a measurable improvement on these statistics. We are really eager to get more users updated to the latest, most secure versions as quickly as possible."