The Biggest Security Hole on the Web?

    August 27, 2009
    Chris Crum

Two weeks ago, Adobe released a critical patch for Flash Player and Acrobat Reader. According to online security company Trusteer, about 80% of users are still vulnerable, and perhaps more startling, the company views this as being possibly the biggest security hole on the Internet today.

That 80% figure is based on Trusteer’s installed base of over 2.5 million online banking users of the company’s security service.

"The penetration of Adobe Flash and Acrobat is unparalleled," a spokesperson for Trusteer tells WebProNews. "According to Adobe, 99% of Internet users run Flash.

Reader and FlashSo so many people on the web are running Flash, and Adobe released the patch two weeks ago, why are so many still vulnerable? Trusteer thinks Adobe just has issues with distributing patches.

"Adobe is facing some major security challenges and one of its biggest hurdles is its software update mechanism.  For some reason, it is not effective enough in distributing security patches to the field," says Trusteer CEO Mickey Boodaei. "Given the lack of attention this situation has received to date, it appears that few people understand the magnitude of the problem. We recommend that all enterprises and individuals install the latest Flash and Acrobat updates immediately."

Accoreding to Trusteer, targeting products like Flash and Acrobat is attractive to wrongdoers because they reach such a huge portion of Internet users. Browser use is much more diversified with Internet Explorer reaching about 65% of users and Firefox reaching 30%. Targeting Adobe’s products just covers a lot more people.