According to Kaspersky Lab, Adobe’s products have become the primary vehicle for malware, due to their prevalence and multi-platform capabilities.
Kaspersky warns that users of Adobe products are often unaware of the potential threat they are incurring by opening PDF files of unknown origin.
According to the report, among the many varieties of exploit that were detected, the Exploit.Win32.Pdfka family with 42.97% was by far the most popular. This exploit takes advantages of vulnerabilities in Adobe Reader and Adobe Acrobat.
The report highlights the fact that many users of Adobe products have not installed the patches designed to remove the software’s vulnerabilities and therefore remain susceptible to attack. Among the top ten most prevalent software vulnerabilities detected on users’ computers over the first three months of 2010, three were found in Adobe products, six were found in Microsoft products, and one was found in a Sun product.
The three vulnerabilities targeting Adobe’s programs were found on 23.37%, 17.87%, and 15.27% of the computers examined, with the first and last being critical vulnerabilities that allow remote hackers to take full control of a system.
Kaspersky Lab also mentioned that one of the vulnerabilities in Adobe’s products that became public knowledge over three years ago has had a patch available for all that time, which is indicative that many users are still not updating their software.
In response to this problem, Adobe launched an automated update service that runs in the background on 13 April 2010. Developers are hoping that this will help to reduce the number of unpatched applications that are so appealing to cybercriminals.
Adobe’s vulnerabilities and background updater << Discuss in the forums