Press Release

Secunia Quarterly Country Report: PDF Readers are Left Wide Open to Attacks on Private US PCs

Copenhagen, Denmark - Apr 29, 2015 - Secunia, a leading provider of IT security solutions for vulnerability management, today published its latest batch of country reports for a total of 15 countries, including the US. The data in the US report shows that unpatched, vulnerable PDF readers are a big security issue for private PC users; that 14% of PC users in the US (up from 12.9% last quarter) have an unpatched operating system, and that Oracle Java yet again tops the list of applications exposing PCs to security risks.

Key findings in the US report include:

  • Adobe Reader 10 and 11 come in at number three and four on the Most Exposed List: Adobe Reader 10 with a 25% market share, 39 vulnerabilities and unpatched on 65% of PCs; Adobe Reader 11 with a 55% market share, 40 vulnerabilities and unpatched on 18% of PCs.
  • Oracle’s Java JRE 7 tops the list as the most exposed application on PCs in the US. With a market share of 54%, 77% of users have not installed the latest updates, despite 101 reported vulnerabilities.
  • 1 in 20 programs on the average US PC have reached end-of-life, meaning they are no longer supported by the vendor and do not receive security updates. Adobe Flash Player, one of the end-of-life applications, is still installed on no less than 78% of the PCs.
  • Other applications in the top 10 include Apple QuickTime, Microsoft Internet Explorer and uTorrent for Windows.

Secunia’s annual Vulnerability Review, published in March, identified that a total of 85% private users worldwide have a version of Adobe Reader installed on their PCs. The US report for Q1 corroborates the number. Kasper Lindgaard, Director of Research and Security at Secunia, comments on the issue: “It is worrying that, with such a high market share, one in five US users fail to patch their Adobe PDF reader. Considering the fact that PDF documents are a prominent attack vector used by hackers to gain entry into IT systems, users put themselves, and any system they are connected to, at risk by neglecting the security risk the popular reader represents when not maintained. It is paramount that users remember to patch their PDF readers, and that corporate IT teams have procedures in place to update all PDF readers on devices that are in any way connected to the company infrastructure,” says Lindgaard.

Vendors’ security updates are readily available; however, the average US user must master 27 different update mechanisms to ensure the latest patches are regularly applied. To simplify this process Secunia recommends users download its free Secunia PSI security tool, which has already been downloaded by more than 8 million private individuals globally to detect vulnerable programs and plug-ins. Once installed it can help PC users automatically patch vulnerable programs and stay secure.  For patch management in a corporate environment, IT security teams can also subscribe to the Secunia CSI.

Secunia’s Q1 Country Reports are averages based on scans of PCs by the Secunia PSI between January 1 and March 31, 2015. It is safe to assume that Secunia PSI users are more secure than the average PC user, and therefore these figures can be considered conservative estimates. 

You can download the report here.

Follow Flexera Software…

About Flexera Software
Flexera Software helps application producers and enterprises increase application usage and the value they derive from their software. Our next-generation software licensing, compliance and installation solutions are essential to ensure continuous licensing compliance, optimized software investments and to future-proof businesses against the risks and costs of constantly changing technology. Over 80,000 customers turn to Flexera Software as a trusted and neutral source for the knowledge and expertise we have gained as the marketplace leader in licensing, installation and compliance for over 25 years and for the automation and intelligence designed into our products. For more information, please go to: www.flexerasoftware.com

For more information, contact:

Flexera Software
John Lipsey
(224) 465-9139
jlipsey@flexerasoftware.com

*All third-party trademarks are the property of their respective owners.