Thursday, April 30, 2015

Unpatched PDF readers leave US private PCs open to attack


Adobe Reader 10 has 39 vulnerabilities and is unpatched on 65 percent of private PCs in the US, whilst Adobe Reader 11, with a 55 percent market share, has 40 vulnerabilities and remains unpatched on 18 percent of machines.

This is one of the findings of the latest Secunia country report. Additional findings show that 14 percent of PC users in the US (up from 12.9 percent last quarter) have an unpatched operating system, and that Oracle Java once again tops the list of applications exposing PCs to security risks.

Other applications in the vulnerability top 10 include Apple QuickTime, Microsoft Internet Explorer and uTorrent for Windows. Also, one in 20 programs on the average US PC has reached end-of-life, meaning it is no longer supported by the vendor and doesn't receive security updates. Adobe Flash Player, one of the end-of-life applications, is still installed on no less than 78 percent of the PCs surveyed.

"It is worrying that, with such a high market share, one in five US users fail to patch their Adobe PDF reader," says Kasper Lindgaard, Director of Research and Security at Secunia. "Considering the fact that PDF documents are a prominent attack vector used by hackers to gain entry into IT systems, users put themselves and any system they are connected to at risk, by neglecting the security risk the popular reader represents when not maintained. It is paramount that users remember to patch their PDF readers, and that corporate IT teams have procedures in place to update all PDF readers on devices that are in any way connected to the company infrastructure".

Other interesting findings are that the average PC user in the US has 76 programs installed from 27 different vendors. 42 percent of these programs are from Microsoft, while the rest come from other companies. Whilst there's a single update mechanism for the Microsoft programs, this means that users may have to master up to 26 other, different update processes to keep their machine secure. Little wonder that a popular social engineering trick for malware is to pose as an update for a video player or similar.

Secunia's country reports for the US and elsewhere are available to download from the company's website.

Image Credit: alexskopje / Shutterstock


