Avast says six in 10 Adobe Reader users are unpatched

More than half of the copies of Adobe Reader currently in use are missing important security updates which could leave users vulnerable to attack, according to security firm Avast.

A survey asking customers which version of the Adobe Reader software tool they had installed found that 60.2 per cent were not running the latest patched version.

Additionally, 20 per cent of the respondents were running a version of the software more than two generations old.

Unpatched systems can be particularly vulnerable to malware because attackers often target known flaws to infect poorly maintained systems with malware.

The danger is elevated with Adobe Reader, which has become a favoured target in recent years owing to the ubiquity of the PDF file format.

"There is a basic assumption that people will automatically update or migrate to the newer version of any program," said Avast chief technical officer Ondrej Vlcek.

"At least with Adobe Reader, this assumption is wrong, and it's exposing users to a wide range of potential threats."

Adobe and Avast recommend that users and administrators keep their software up to date and always apply the latest patches. In the case of many large enterprises, however, installing patches can be anything but trivial.

Paula Musich, a senior analyst for enterprise network and security at Current Analysis, told V3.co.uk that, for many firms, keeping end users patched and updated is much more complex than it sounds.

"Sometimes there is a disconnect between the endpoint administrators and the security staff as far as updates are concerned," she said.

"Security is going to say update all the time, but sometimes patches introduce things that cause other things to break."

The need for testing and deployment processes to avoid those conflicts means that many businesses will inevitably see a gap between an update being released and its deployment to end-user systems.