With Adobe Reader Zero-Day Circulating, Patching for Older Bug Lags
As users await a patch for the latest zero-day flaw affecting Adobe Reader and Acrobat, they should check to make sure their defenses for other vulnerabilities are up-to-date. Research from Qualys shows that many users have still not applied a patch for the zero-day security hole Adobe Systems fixed in March.While Adobe Systems works to patch the recent zero-day bug discovered in its Adobe Reader and Acrobat products, new data from Qualys suggests many users are so behind in patching that hackers needn't feel rushed to exploit the flaw. According to Qualys, there has been no significant reduction in the number of machines vulnerable to APSA09-01, a zero-day bug patched by Adobe more than a month ago.
"If this trend continues to persist for the Adobe Reader vulnerabilities, which it has in all 2008 and as demonstrated in Laws 2.0 [PDF], attackers don't need to rush anymore; they can take their time in figuring out the best way to get an infected PDF file into their victims," opined Wolfgang Kandek, CTO of Qualys.