According to the “Flash Security Hole Advisory” by Trusteer, even though Adobe released a critical patch for Acrobat Reader and Flash, almost 80% of Internet users were still vulnerable. According to the researchers, this is the biggest security hole on the Internet today and the failure of Adobe to address it in a timely manner is extremely troubling.
Adobe is trying to address the problem but they’re facing some major challenges. One of its biggest hurdles is its software update mechanism, which lags industry standards for effectively distributing security patches to the field.
The penetration of Adobe Flash and Acrobat is unparalleled – according to Adobe, 99% of Internet users run Flash. The Trusteer security system, with 2.5 million users in North America and Europe, reports that 98.8% of users have Flash active in their browser. Therefore, targeting Flash and Acrobat vulnerabilities is extremely efficient since it enables criminals to target the vast majority of Internet users.
By comparison, targeting vulnerabilities in Internet Explorer only reaches approximately 65% of Internet users. While Firefox-based attacks only reach 30%. Given these numbers, it is not surprising that criminals are much more focused today on Flash and Acrobat. Trusteer researchers are seeing more and more malware variants spreading through vulnerabilities in Flash and Acrobat.