SOFTPEDIA: According to statistics gathered by cloud security provider Zscaler, 56.4% of enterprise users have out of date Adobe Reader plug-in versions inside their browsers.
The company gathered statistics about browser plug-ins and presented the results in its “State of the Web” report [pdf] for the second quarter of 2011.
“Nearly every browser is running some combination of plug-ins, add-ons or extensions. As with most software, older versions of plug-ins typically have more security vulnerabilities. This adds up to a tempting target for hackers,” the company warns.
Adobe Flash is the most widely spread plug-in, being present in 93.62% of browsers scanned by Zscaler. However, only 8.44% of those installations are out of date.
Adobe Reader, which is the third-most popular plug-in with an install rate of 83.37% in the corporate environment is much more likely to be outdated.
Fortunately, Java, one of the most targeted browser plug-ins, has a very low deployment rate on enterprise computers, only 9.25% of them having it installed.
Even so, 6.49% of those run an outdated version which supports the theory that Java is commonly attacked because it has a poor update rate.
When it comes to corporate networks it is not mass exploitation attacks that are the primary concern, but targeted ones in which attackers exploit vulnerabilities to install information stealing trojans.
“These overlooked apps can be exploited to gain full control of an endpoint machine. When that endpoint machine is a member of a corporate domain, the hackers gain full access to all corporate data,” the Zscaler researchers warn.
It's worth noting however that these Adobe Reader stats might not reflect the actual risks. That's because Zscaler has not released a more detailed analysis of the actual versions.
Adobe Reader X (10.0) features sandboxing technology which makes it unlikely for attackers to successfully exploit vulnerabilities. This means that computers running any 10.x version, even oudated ones, can be fully protected against attacks.