Adobe Reader More Secure After Version 9

[nsane.forums]

Adobe Reader's automatic patching feature could at last be stemming the tide of attacks exploiting vulnerabilities in the PDF Reader, the latest Top Cyber Security Risks Report from SANS and its partners has suggested.

Using vulnerability data from co-author Qualys, Acrobat version 9 has now achieved a patching "half life" -- the time it takes for patches to reach more than 50 percent of affected systems -- of around 15 days, similar to the 14.5 days for the Windows OS itself.

Versions 7 and 8, which lack the automatic updating fared far worse, with patching half lives of 65 days during 2009. Even after six months, the patching "persistence" rate (the level of non-patching) was 45 percent, falling to 40 percent over following months.

As far as pre-version 9 versions are concerned, patching appears to be a low priority. PDF exploits, meanwhile, keep coming a rate that marks it out as a major security problem for companies and consumers alike.

Fifty percent of Acrobat Reader installations still use the older versions of Acrobat.

View: Original Article