If You Only Install One Security Update This Month, Make Sure It's Adobe Flash(R)

A Zero-Day Vulnerability Discovered in Adobe Flash Player / AIR 20 Could Possibly Be Used to Exploit End of Life Version 19 -- Found on 73 Percent of All Private US PCs


COPENHAGEN, DENMARK, and ITASCA, IL--(Marketwired - January 19, 2016) - Secunia Research at Flexera Software, a leading provider of software vulnerability intelligence, has published country reports covering Q4 2015 for 14 countries. The reports provide a status on vulnerable software products on private PCs in those countries, listing the vulnerable applications and ranking them by the extent to which they expose those PCs to hackers.

Key findings in the US Country Report include:

  • 73 percent of US users had Adobe Flash Player 19 installed. This version is end-of-life and therefore no longer receives security updates from Adobe. Vulnerabilities in newer versions are used to exploit older versions. It is therefore important to remember to remove end-of-life products from your PC.
  • 12.2% of the non-Microsoft programs on private US PCs were unpatched in Q4. Only 4.4 percent of Microsoft® programs were unpatched. US users have 76 applications installed on average, from 27 different vendors. 32 of the 76 applications -- 42 percent -- are Microsoft applications.
  • 9.9 percent of US private users had not patched the Windows® operating system on their PC (covered by the report are Windows Vista, Windows 7, Windows 8, Windows 10).

The zero-day vulnerability in Adobe Flash disclosed on December 28, 2015, was rated "Extremely Critical" by Secunia Research, because it can be triggered from remote and can execute arbitrary code. The vulnerability can possibly be used to exploit older versions of Adobe Flash Player /AIR, too, including end-of-life version 19, which is found on 73 percent of all private US PCs, as the US Country Report documents.

"The vulnerability discovered in Adobe Flash Player/ AIR 20 in December makes it even more important than usual to keep Adobe Flash Player up to date and get rid of end-of-life versions," said Kasper Lindgaard, Director of Secunia Research at Flexera Software. "Adobe Flash is the most popular application within exploit kits, because it is so widely used and can therefore be used to leverage access to different platforms and both private and corporate users. While security-aware organizations know not to allow Adobe Flash Player anywhere near their business critical systems, private PC users tend not to be quite so mindful."

Non-Microsoft programs are poorly patched on private PCs

On the average private US PC, 76 applications are installed from a total of 27 different vendors. One vendor, Microsoft, is on average the producer of 32 of those applications. With automated updates and a well-established security patch process, Microsoft makes it easy for private users to stay patched: All that is required on a private PC is to keep the auto-update feature in the Microsoft Update center switched on -- which is the default setting. This user-friendly approach to security is one explanation for why only 4.4 percent of Microsoft applications on private PCs are unpatched.

The patch status of the remaining 44 non-Microsoft applications is a different story, though. Three times as many -- 12.2 percent -- of these applications are unpatched. This difference is mainly due to the fact that 26 different vendors are behind those 44 applications, and each of those vendors have its own update mechanism. Essentially, this means that users have to familiarize themselves with 26 different update mechanisms and install the updates every time they become available.

To help users stay secure Flexera Software offers the Personal Software Inspector (formerly Secunia PSI 3.0), a free computer security scanner which identifies software applications that are insecure and in need of security updates. It has been downloaded by over 8 million PC users globally to detect vulnerable and outdated programs and plug-ins. 

The 14 Country Reports are based on data from scans by the Personal Software Inspector between January 1, 2015 and December 31, 2015.

Resources:

Learn more about:

  • Vulnerability Intelligence Manager
  • Corporate Software Inspector
  • Personal Software Inspector

Follow us on…

  • on LinkedIn
  • on Twitter
  • on Facebook
  • on Google+
  • via RSS

About Flexera Software

Flexera Software helps application producers and enterprises increase application usage and security, enhancing the value they derive from their software. Our software licensing, compliance, cybersecurity and installation solutions are essential to ensure continuous licensing compliance, optimized software investments, and to future-proof businesses against the risks and costs of constantly changing technology. A marketplace leader for more than 25 years, 80,000+ customers turn to Flexera Software as a trusted and neutral source of knowledge and expertise, and for the automation and intelligence designed into our products. For more information, please go to: www.flexerasoftware.com.

Secunia – now Flexera Software

In September 2015, Flexera Software acquired Secunia, adding Secunia's Software Vulnerability Management solutions to complement Flexera Software's Software License Optimization and Application Readiness solutions. Under Flexera Software, Secunia Research continues to perform vulnerability verification, issue Secunia Advisories and publish data on the global vulnerability landscape.

Contact Information:

For more information, contact:
PR and Content Manager 
Katrine Palsby