Six out of ten users use vulnerable Adobe Reader versions

Avast Software, one of the biggest names in computer security, has announced that six out of ten people are vulnerable to attacks because they are running outdated versions of Adobe Reader.

What’s more worrisome is that hackers commonly use exploits in Adobe’s products, which means this specific exploit has likely seen a high amount of usage.

Avast released a statement which said “an analysis of avast! antivirus users found that 60.2% of those with Adobe Reader were running a vulnerable version of the program and only 40% of users had the newest Adobe Reader X or were fully patched. One out of every five users also had an unpatched version of Adobe Reader that was at least two generations old (8.x).”

The company later said “Adobe Reader is the most popular PDF reader application and subsequently is the biggest target for malware writers. Over 80% of avast! users run a version of Adobe Reader, with Foxit, the second most popular PDF reader, having a much smaller user share of 4.8%.”

Although the number of Adobe Reader exploits has dropped significantly over the years, hackers are still targeting older versions because their collective usage is extremely high. The 60% of unprotected users are being advised to download the latest version in order to defend themselves against any unexpected attacks.

Adobe’s senior director of product security and privacy, Brad Arkin, was quoted as saying, "we find that most consumers don’t bother updating a free app such as Adobe Reader as PDF files can be viewed in the older version. In many cases, users only update when provisioning a new machine."


44 Comments

And how many users out of ten believe Adobe Reader is the only dedicated PDF reader? There are excellent alternatives, not to mention PDF-XChange for instance. On forums like here of course most of us if not all are aware of alternatives, but I notice many who just stick with the defaults, be it readers, values, data and so on ...

That piechart has no section for "Version X but not fully patched". Why not?
Since it is likely that at least some users would fall within that category, I am not confident about the accuracy of the rest of it.

The thing is such a bloated POS and is only used when you actually open a pdf, that no one bothers to check for updates otherwise.

Besides, as already stated, the thing is too stupid to notify you of version updates!

Foxit doesn't work with my wife's credit union site, which is a POS in itself. Just had to install this stupid Adobe crap on a brand new Windows 7 Ultimate installation. Made me feel like I desecrated the computer!!

cork1958 said,
Besides, as already stated, the thing is too stupid to notify you of version updates!
Version 10.1 adds a background updater to automatically update to the latest version, but there hasn't been a new version since then so it's not clear how well this will work.

All the way up to version 10.1, the updater was straight up useless. They changed it to a bigger nag in (I think) 9.2, but the fact that it required a pile of manual intervention and privileges to work means that it just gets ignored.

10.1 will finally do background updates, and it will nag you to enable them if they're not already on. It's unproven, but hopefully it'll end this madness. At least, for Windows Vista and 7, since the new updater can't go fully automatic on XP.

Now they just need to do this with Flash Player. If they can distribute updates with Chrome without requiring a new EULA each time, they can do it for IE and Firefox.

What about the paid for version, we use Acrobat 8 Pro extensively, not worth upgrading for features. Are these exploits in the Pro version too?

Youngy said,
What about the paid for version, we use Acrobat 8 Pro extensively, not worth upgrading for features. Are these exploits in the Pro version too?

I know that Reader 9 is still in support and if you run the latest version of 9.x you have the most recent fixes. Obviously, 10.x is supported and all fixes are available. Versions 8 and below are not supported. I don't know if the Acrobat product has a longer support cycle. That is something you may want to look up on Adobe's website or in your product documentation.

Adobe needs to do like Mozilla does with their unsupported versions and display a dialog when the application opens informing the user that they are using a vulnerable version of the software, and provide an easy way for them to upgrade to the latest version. Major version upgrades should be possible through the updater. Otherwise, what good is it?

I use Foxit and love it.
I also use Secunia Personal Software Inspector to automatically make sure all my programs have the latest up to date versions and therefore the safest versions.

Lexcyn said,
The OS images at my workplace use 9. Don't know why they don't just upgrade to X.

Someone needs to update the image

or as most of the world expresses fractions, in LCD form

3 out of 5 users use vulnerable Adobe Reader versions.

Now the simple reason for that is how incredibly constant and annoying the update process is - so it's usually killed. A week later that version is vulnerable.

You know after the last few times I tried to open some PDFs online with Adobe Reader seemingly trying to do something while sitting there waiting for it to load I said to myself **** this and downloaded Foxit Reader. Amazingly enough it has no problems opening up a PDF in good time, all the time.

I wish Nitro (which I use) would support PDF3d. At the moment I don't know anything but Adobe supporting it. But I won't use Adobe Reader just for that.

Win8 will have a built-in PDF reader so no need for Adobe Reader for Win8 users. PDF.js project for Firefox will mean all Firefox users won't need it either. So everyone will be more secure once that is stable and built into Firefox.

torrentthief said,
Win8 will have a built-in PDF reader so no need for Adobe Reader for Win8 users. PDF.js project for Firefox will mean all Firefox users won't need it either. So everyone will be more secure once that is stable and built into Firefox.

That is going to be a bright future

Yeah but Foxit has that stupid Foxit toolbar that comes bundled with the installer that you can't choose to pass on (AFAIK). In conclusion, they all suck one way or another.

Kyle A said,
Yeah but Foxit has that stupid Foxit toolbar that comes bundled with the installer that you can't choose to pass on (AFAIK). In conclusion, they all suck one way or another.

Go to ninite.com

You can install the latest version of FoxIt or A. Reader, and it will install without (Bloat) any krapkrap.....

That's what I suggest to my end users....

Kyle A said,
Yeah but Foxit has that stupid Foxit toolbar that comes bundled with the installer that you can't choose to pass on (AFAIK). In conclusion, they all suck one way or another.

After installing Foxit go to control panel and remove the toolbar.

wahoospa said,

After installing Foxit go to control panel and remove the toolbar.


That's not the point. I understand why they bundle stuff but to force it to be installed is another thing...

Go to ninite.com

Thanks, I used this a while ago but forgot about it.

wahoospa said,

After installing Foxit go to control panel and remove the toolbar.

Err unticking the options in the setup screens stops the toolbar from installing...........Foxit FTW! And well done Avast, you're only 6 months late with your "research". Sophos announced this issue back in January..........and is why Sophos have 3rd Party Patch management for corp use for such items coming in Version 10 later this year.......Adobe have a patch manager for their free products but it's a ballache to configure....

Foxit Reader is nice for me. I don't like the Adobe Reader, it always asks me for updates, it wants to start with Windows. Foxit Reader you can install and then forget you have it. But when you need a PDF, it will be there!

This program is the ultimate bloat-virus-trojan-etc. OPEN DOOR.
I wonder why people bother using it.
Each day there's a Zero Day exploit on it.

boumboqc said,
This program is the ultimate bloat-virus-trojan-etc. OPEN DOOR.
I wonder why people bother using it.
Each day there's a Zero Day exploit on it.

Because PDF is an ISO standard, which means there are a lot of documents in this format. As was mentioned, alternative reader software doesn't provide the same level of quality as Adobe Reader.

I can believe this, I might be getting it wrong though.

I used to have Reader 9, and would press update and it wouldn't show any, but should it have then started to download Reader X?

I'm now running Reader X though

Luckily there are alternatives to Adobe Reader, such as Foxit Reader.

Now if only there were an alternative to Adobe Flash...

Marshall said,
Luckily there are alternatives to Adobe Reader, such as Foxit Reader.

Now if only there were an alternative to Adobe Flash...

Interesting, I didn't know there was an alternative to A.Reader
I'll try it now

Marshall said,
Luckily there are alternatives to Adobe Reader, such as Foxit Reader.

Now if only there were an alternative to Adobe Flash...

Foxit is pretty bad, in my opinion. Sumatra is even worse. I like PDF-XChange, it even supports Tablet PCs well. Adobe reader looks like it is supposed to support tablet PCs, but once the PDF is longer than a couple of pages, touch scrolling starts reacting crazy.

Marshall said,
Luckily there are alternatives to Adobe Reader, such as Foxit Reader.

Now if only there were an alternative to Adobe Flash...

Agreed. Foxit is simple and light. And there are alternatives but they're not as well supported as the real thing so they're often broken and/or missing features