Security firm Avast Software has released a report revealing that most users are running outdated versions of Adobe Reader. These older versions don’t have all of the neat security bells and whistles (e.g., sandbox tech) that have been built into the latest versions of the free software. As such, they may still contain the security holes that these innovations later closed.
According to the report, 60 percent of Avast’s customers who used Adobe Reader were running a vulnerable version of the software. In other words, only 40 percent had the newest Adobe Reader X or were fully patched, and about 20 percent were at least two major versions old (i.e., version 8.x or earlier).
It would be unfair to just blame the users for this. On this point, I tend to agree with The Register’s John Leyden, who wrote that it’s tough enough to stay current about which applications might be vulnerable, let-alone keep them all up-to-date. This is especially true for less tech-savvy users.
In any case, users can protect themselves by running fully-patched versions of Reader 8.x or 9.x. As Adobe recommends, though, it would be better still to upgrade to Adobe Reader X. Windows users are also encouraged to activate the automatic update feature of the latest version. Automated updating takes a lot of the pain and hassle out of managing software versions, and will ensure that users always have the latest (and typically most secure) version of the software with minimal effort.
Anyway, the curious can read Avast’s full press release — complete with a handy pie chart of Adobe Reader versions — at the Avast website. Given that its content stirs up a little concern about the security of PDF viewing, I thought that it was funny that the press release was available primarily as a PDF. Don’t worry, though, it seems perfectly safe to me. You might want to open it with the latest version of Adobe Reader X just in case, though!