80% of Adobe users still vulnerable to recent Flash and Acrobat Reader exploits

Aug 21, 2009 09:21 GMT

Three weeks ago, Adobe Inc. was informed of a zero-day vulnerability that was being exploited in the wild. Attackers were embedding malformed Flash streams into PDF documents to execute arbitrary code on hosts. After one week, Adobe launched critical security updates to its Flash Player and Acrobat Reader software. Two more weeks after the updates became available to Internet users, Adobe has managed to update only 20% of Flash Player users and 16.5% of Acrobat Reader users.

Out of those percentages provided by security adviser Trusteer, only 19% of Flash users have actually installed the update, while only 7% have installed the Acrobat Reader security fix.

Users failing to install a patch is surely not Adobe's fault, but knowing that Mozilla reaches about 80% of its users with security fixes in less than a week, while Google Chrome has an even better reach, with 90%, the problem seems to reside in Adobe's backyard more than the company might be able to recognize. The software giant has been dragging its feet in issuing a security patch (one week after the reported incident), and it has been ignoring updates as well.

Considering that 99% of all Internet users have installed the Adobe Flash plugin on their computers, this situation leaves a large number of Internet users still vulnerable to targeted attacks.

The problems at Adobe are not old at all, and this is not the first time it has botched a security fix. In May this year it appears to have noticed this itself: in a blog post, Dave Arkin, director of product security and privacy at Adobe, announced a future re-thinking of its update and patching methods.

“Since February, Adobe Reader and Acrobat engineers have been executing a major project focused on software security. Everything from our security team’s communications during an incident to our security update process to the code itself has been carefully reviewed,” Dave Arkin said.

The problematic updates were security fixes for Adobe Acrobat Reader 9.1.3 and Flash Player 10.0.32.18.

Adobe Reader 9.1.3 update can be downloaded from here. Adobe Acrobat Standard & Professional 9.1.3 update can be downloaded from here. Adobe Acrobat Professional Extended 9.1.3 update can be downloaded from here. Adobe Flash Player 10.0.32.18 update can be downloaded from here.
