An Unpatched Adobe Application does for an Unsafe Network Make

Adobe Reader, the freeware program that enables computer users to view PDF (Portable Document Format) documents, is among the most widely installed computer applications on the planet. Since Adobe Reader is so widely used, however, it’s also a popular target for exploitation whenever attackers detect vulnerability in the program, and the methods for exploitation are endless. Alarmingly, despite the high probability for attacks, according to the SANS Institute, widely-used 3rd party applications like Adobe Reader tend to be considered a low priority by businesses in terms of patching*, making unpatched 3rd party applications “the #1 path of infection to a network.”

Other widely-installed programs such as Adobe Flash Player, QuickTime and Microsoft Office are also often exploited to gain access to a user’s machine and can ultimately infect an entire network. This exploitation often occurs when computer users visit or open documents, videos or music from what they consider a “trusted site” that has actually been infected. If these applications are not regularly patched to protect computers from continuously-evolving methods of infection, they provide a convenient point of entry into the user’s computer and can eventually compromise other users’ machines and even servers on the network.

The SANS Institute also reports that, on average, organizations take at least twice as long to patch user applications than they take to patch operating systems. Since it is easier to directly exploit an application like Adobe Reader than it is to directly exploit an operating system or server, “the highest priority risk is getting less attention than the lower priority risk.” Accordingly, attacks involving PDF vulnerabilities have significantly increased in recent years, providing further motivation for attackers to focus on this method of exploitation. In addition, while Adobe Reader has an automatic update feature that prompts users to download and install patches for the application when they become available, Adobe Flash does not have this feature and is therefore more infrequently patched, leaving the application more vulnerable to attacks.

If you’re unsure as to whether Adobe Reader, Adobe Flash, or any other widely-used 3rd party applications on your business’ computers are completely patched, 3D Corporation can evaluate your network and provide assistance in ensuring patches for these applications are up-to-date. For more information on the services 3D provides to keep business networks secure, please call our office at (360) 671-4906, email us at info@3dcorp.us, or visit our website at www.3dcorp.us.

References:
"Top Cyber Security Risks", SANS Institute; "Adobe Reader 9", adobe.com; "Adobe Flash Player", adobe.com; "Quicktime", apple.com; "Microsoft Office 2010", office.microsoft.com

*Patching: the installation of security updates on installed computer or server applications.