Is Adobe Reader the weakest link in your security chain?
When you are looking for possible weaknesses in your PC’s security you first think of updating your operating system, your ant-virus software, your anti-malware software and your browser. At this point must users will sigh a sigh of relief and sit back with a self-satisfied grin. However, not for the first time Adobe Reader, and dubious PDF files, have been highlighted as posing one of the highest risks.
Last month, ScanSafe of California said that malicious PDF files comprised 80% of all exploits at the end of last year. Now, according to Helsinki-based company F-Secure, Adobe Reader is the software most often exploited in targeted attacks. In the first two months of this year F-Secure tracked 900 targeted attacks. It found that 61% of these attacks exploited a weakness in Reader. This compares to 24% of the attacks exploiting vulnerabilities in Word, and 14% in Excel and PowerPoint combined. Adobe Acrobat Reader has been growing in popularity amongst the criminal hacking community. A similar study showed it represented 28% of the attacks in 2008, and 50% in 2009.
Targeted attacks can have a devastating effect upon the companies chosen. Last year Google was a high-profile victim of such attacks, which it claimed had originated in China. In this case the use of un-patched versions 6 of Internet Explorer was blamed. Earlier this year Intel was attacked, but details are hard to come by.
Adobe are not surprised by these claims. They argue that as their software is cross-platform, it attracts the interest of those seeking to exploit any vulnerabilities for their own ends. Adobe appear to respond quickly to reports of vulnerabilities, patching their software after such a report from Microsoft only last month. Users are urged to update their Adobe software, by visiting Adobe’s own Security Site.