If geeks love it, we’re on it

PDFs account for 80% of all exploits in 2009

PDFs account for 80% of all exploits in 2009

Security firm ScanSafe announced on Tuesday (PDF) that Adobe’s PDF document format was the target of 80% of all exploits in 2009.

According to the California company, vulnerabilities in Adobe Reader and Adobe Acrobat were the most-exploited software in 2009, growing from 56% in 1Q09, to 80% in 4Q09.

“When malicious exploit code was encountered in 2009, vulnerabilities involving malformed PDF files (Adobe Reader / Adobe Acrobat) were the most frequently targeted, followed by vulnerabilities in Adobe Flash,” the report reads. “Interestingly, as the rate of malicious PDF files increased in 2009, the rate of malicious Flash files decreased throughout the year.”

“The problem of recent surges in Adobe vulnerabilities has become of concern to many officials, prompting an unprecedented warning from Stephen Northcutt, president of the SANS Technology Institute, In the August 4, 2009 issue of SANS Newsbytes, Northcutt warned: ‘I think organizations should avoid Adobe if possible. Adobe security appears to be out of control, and using their products seems to put your organization at risk. Try to minimize your attack surface. Limit the use of Adobe products where you can.’”

Adobe’s security issues are further highlighted by the Common Vulnerabilities and Exposures (CVE) database, which shows a dramatic rise in reported flaws. In 2009, 107 Abode vulnerabilities were logged into CVE. That figure is nearly double the 58 added in 2008 and almost triple the 35 reported in 2006.

The surge in vulnerabilities, the report suggests, is owed to the continued widespread use and acceptance of PDFs at home and in the workplace.

Nevertheless, ScanSafe has tempered its report by noting that malware authors exploit the path of least resistance. With malware a growing, multi-billion dollar industry in 2009, and Adobe products and documents on the rise, it was a practical inevitability that the firm would be pulled into the crossfire.

Comments

  1. Annes
    Annes I wish I could say I was surprised, but I'm not. I really wish I could get everyone in my company to use Foxit instead, but some of the silly vendors we use require it (I can't find a way around it, either.)

    But if PDFs are the exploited, does the reader really matter?
  2. Thrax
    Thrax The PDFs exploit flaws in the reader, so I can presume that it does matter.
  3. GHoosdum
    GHoosdum I think it does matter, most of the web exploits are browser-specific... these PDF exploits are probably reader-specific. But that's just a guess.
  4. Komete
    Komete Hrmmm... So should I get rid of adobe reader and go with Foxit?
  5. GHoosdum
    GHoosdum I recommend it for the performance-robbing potential of Adobe alone. I honestly had no idea about the exploits until this post.
  6. mirage
    mirage Unfortunately Foxit does not work well with text selection tool and PDF forms for me. I recently went back to Adobe reader. I have disabled Java scripts and file attachments in the PDF files for security. Also disabled the two startup programs (AdobeARM and Speed Launcher). Version 9.3 is working fine for now and I do not see any speed difference compared to Foxit.
  7. DrLiam
    DrLiam I too have had a lot of problems with Foxit. There would be some pdfs that would refuse to open or foxit's editing tools would refuse to work. Yet the biggest problem for me was the embedded version for firefox, terrible. Six times out of ten the embedded foxit would either crash or the tools would not work. (Meaning I could not print!)
  8. Thrax
    Thrax FoxIt has been a dreamy dreamboat of a PDF reader for me. :) I've been using it for years, and I'll never go back.
  9. mirage
    mirage
    DrLiam said:
    I too have had a lot of problems with Foxit. There would be some pdfs that would refuse to open or foxit's editing tools would refuse to work. Yet the biggest problem for me was the embedded version for firefox, terrible. Six times out of ten the embedded foxit would either crash or the tools would not work. (Meaning I could not print!)
    With both readers, I disable the Firefox plugins as well. If there is a link to a PDF file, it should open in the PDF viewer's window. I hate it, really hate bloated software. Just a PDF viewer, and it marks every spot of my OS like a dog.
  10. Lightzout
    Lightzout I wonder how well Sumatra performs against these exploits. I love it. Windows 7 & Firefox open source (FREE) software that works with a simple UI, yes it does exist.
  11. Annes
    Annes Foxit is quickly falling from my good graces with its increasing size and resource use. The attempts to install toolbars and add an ebay link to my desktop don't help, either.

    Does anyone here use Sumatra?
  12. Linc
    Linc This is accounting for number of exploits, not percentage of actual exploitation, right? So 80% of documented exploit methods may have targetted PDF, but that doesn't mean 80% of people who got pwnt had it happen through PDF. I'd be interested to see what those numbers are before I got all uptight about what reader I'm using.
  13. Linc
    Linc How awesome is it that the linked report is a PDF?

    I AM SCARED.
  14. GHoosdum
    GHoosdum
    Annes said:
    Foxit is quickly falling from my good graces with its increasing size and resource use. The attempts to install toolbars and add an ebay link to my desktop don't help, either.

    Does anyone here use Sumatra?
    I used Sumatra for a while before switching to Foxit, and I found it to be too lightweight. Since it didn't install anything to the registry, there was no file association, so opening any PDF with Sumatra was a matter of saving the PDF, loading Sumatra, then opening the PDF from inside the program.

    It may have improved since then. It certainly didn't have a problem displaying the PDFs.

    I agree with you that Foxit has too many associated stuff trying to install now.

Howdy, Stranger!

You found the friendliest gaming & tech geeks around. Say hello!