Users spurn latest Adobe PDF patches, says researcher
Although Adobe spent much of March releasing fixes for a PDF bug that hackers have been exploiting for more than three months, users are in no hurry to patch, a security company said Friday.
Scans of several hundred thousand Windows PCs owned by clients of Qualys Inc. show that few users have bothered to update, said Wolfgang Kandek, Qualys' chief technology officer.
"There's been no movement [on the Adobe Reader vulnerability]," said Kandek, referring to the scans that Qualys does to detect if a system is vulnerable to any specific attack. Considering the nature of the vulnerability -- and the pervasiveness of the free Adobe Reader -- that's troubling, he continued. "I would rank the Adobe vulnerability at the same level as an Internet Explorer or Windows vulnerability," Kandek said. "You could even say it's higher because Reader is also on Macs and Unix machines."
Adobe acknowledged one critical vulnerability in its Reader and Acrobat applications last month, more than a week after security company Symantec Corp. reported finding attack code in use. Starting March 10, Adobe began patching the two applications, first fixing Version 9, then following that with updates to Versions 8 and 7 at one-week intervals.
Tuesday, as it released the last of the Reader and Acrobat updates, Adobe announced it had also patched five more critical bugs behind the scenes, but had waited to reveal that tidbit until it had finished fixing all versions of the software.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
adobe
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
