Six out of 10 users of Adobe Reader are running unpatched versions of the program, leaving them vulnerable to a variety of malware attacks.
So says computer security software firm Avast Software, which has discovered that 60.2% of those with Adobe Reader are running vulnerable versions of the program and only 40% have the latest Adobe Reader X or are fully patched.
Interestingly, one out of five users also has an unpatched version of the PDF reader software at least two generations old (8.x).
"There is a basic assumption that people will automatically update or migrate to the newer version of any program," comments Ondrej Vlcek, CTO at Avast Software.
"At least with Adobe Reader, this assumption is wrong – and it's exposing users to a wide range of potential threats," he adds.
And Brad Arkin, senior director of product security and privacy at Adobe, comments: "We find that most consumers don't bother updating a free app, such as Adobe Reader, as PDF files can be viewed in the older version."
He points out that most users only update when provisioning a new machine. But malicious PDF exploit packages typically probe the targeted computer for a variety of security weaknesses, attacking as soon as they find an exposed vulnerability.
"Most exploits have been made to hit all vulnerable versions, not just one," states Vlcek. "Libraries of code are shared between various Adobe versions, which also means that vulnerabilities are shared."
"It is actually possible to be fully patched and up-to-date, if you are running Adobe Reader 8 or 9," states Arkin. "But I think a large percentage of users simply decline the update notification."
And he adds: "It is critical for users to stay updated."