jebsblog

One has to wonder after reading these articles from yesterday’s ZDNet…

In their article, Report: Malicious PDF files comprised 80% of all exploits for 2009, ZDNet reports:

A newly released report shows that based on more than a trillion Web requests processed in 2009, the use of malicious PDF files exploiting flaws in Adobe Reader/Adobe Acrobat not only outpaced the use of Flash exploits, but also, grew to 80% of all exploits the company encountered throughout the year.

The other blog, Adobe plugs more gaping holes in PDF Reader, ZDNet reports that Adobe has released a new patch for the Adobe Reader yesterday.

This morning, both of my Windows XP machines lit up with an announcement that there was a new version of Flash Player available and urged me to install. I did despite the fact that I manually updated them all last week when the first stories appeared that the patch was released.

Perhaps the scariest conclusion noted in the ZDNet article about report from ScanSafe was that:

Therefore, the increasing use of malicious PDFs can also be interpreted as the direct result of the millions of users using outdated and exploitable Adobe products (emphasis mine), with the only preference a malicious attacker could have in this case remaining the incentive based on the 99% penetration of Adobe Flash on Internet-enabled PCs.

I guess the adage, “you have no one to blame but yourself” comes to mind, but clearly, people have come to expect that the people who make the stuff that they run on their computers ensure that their stuff is safe.

So the message here folks is: when you get a notice that there is a new version of your software available, drop everything and install it.