RealWire Limited

Delivering Relevance, Releasing Influence

Issue Date

Tags
security
Secunia
zero-day vulnerability
software
Flexera Software
Adobe Flash


Newsroom
Flexera Software Newsroom
Release Feed
RSS FeedFlexera Software Feed
Share Release
Tweet Facebook LinkedIn Digg This
blink it Reddit! Stumble It! Add to Diigo Bookmark this on Delicious
Tweet Facebook LinkedIn
Press Release

If You Only Install One Security Update this Month, Make Sure it's Adobe Flash®!

A zero-day vulnerability discovered in Adobe Flash Player / AIR 20 could possibly be used to exploit end of life version 19 – found on 78 percent of all private US PCs.

Maidenhead, U.K. & Copenhagen, Denmark - January 19, 2016 – Secunia Research at Flexera Software, a leading provider of software vulnerability intelligence, has published country reports covering Q4 2015 for 14 countries. The reports provide a status on vulnerable software products on private PCs in those countries, listing the vulnerable applications and ranking them by the extent to which they expose those PCs to hackers.

Key findings in the UK Country Report include:

  • 78 percent of UK users had Adobe Flash Player 19 installed. This version is end-of-life and therefore no longer receives security updates from Adobe. Vulnerabilities in newer versions are used to exploit older versions. It is therefore important to remember to remove end-of-life products from your PC.
  • 11.4 percent of the non-Microsoft programmes on private UK PCs were unpatched in Q4. Only 4.1 percent of Microsoft® programmes were unpatched. UK users have 74 applications installed on average, from 26 different vendors. 31 of the 74 applications – nearly 42 percent - are Microsoft applications.
  • 8.0 percent of UK private users had not patched the Windows® operating system on their PC (covered by the report are Windows Vista, Windows 7, Windows 8, Windows 10).

The zero-day vulnerability in Adobe Flash disclosed on December 28, 2015, was rated “Extremely Critical” by Secunia Research, because it can be triggered from remote and can execute arbitrary code. The vulnerability can possibly be used to exploit older versions of Adobe Flash Player /AIR, too, including end-of-life version 19, which is found on 78 percent of all private UK PCs, per the UK Country Report document.

“The vulnerability discovered in Adobe Flash Player/ AIR 20 in December makes it even more important than usual to keep Adobe Flash Player up to date and get rid of end-of-life versions,” said Kasper Lindgaard, Director of Secunia Research at Flexera Software. “Adobe Flash is the most popular application within exploit kits, because it is so widely used and can therefore be used to leverage access to different platforms and both private and corporate users. While security-aware organisations know not to allow Adobe Flash Player anywhere near their business critical systems, private PC users tend not to be quite so mindful.”

Non-Microsoft programmes are poorly patched on private PCs
On the average private UK PC, 74 applications are installed from a total of 26 different vendors. One vendor, Microsoft, is on average the producer of 31 of those applications. With automated updates and a well-established security patch process, Microsoft makes it easy for private users to stay patched: All that is required on a private PC is to keep the auto-update feature in the Microsoft Update center switched on – which is the default setting. This user-friendly approach to security is one explanation for why only 4.1 percent of Microsoft applications on private PCs are unpatched.

The patch status of the remaining 43 non-Microsoft applications is a different story, though. Nearly three times as many – 11.4 percent - of these applications are unpatched. This difference is mainly due to the fact that 25 different vendors are behind those 43 applications, and each of those vendors has its own update mechanism. Essentially, this means that users have to familiarise themselves with 25 different update mechanisms and install the updates every time they become available.

To help users stay secure Flexera Software offers the Personal Software Inspector (formerly Secunia PSI 3.0), a free computer security scanner which identifies software applications that are insecure and in need of security updates. It has been downloaded by over 8 million PC users globally to detect vulnerable and outdated programs and plug-ins.

The 14 Country Reports are based on data from scans by the Personal Software Inspector between January 1, 2015 and December 31, 2015.

- ###-

Resources:
Learn more about:

Follow us on…

About Flexera Software
Flexera Software helps application producers and enterprises increase application usage and security, enhancing the value they derive from their software. Our software licensing, compliance, cybersecurity and installation solutions are essential to ensure continuous licensing compliance, optimised software investments, and to future-proof businesses against the risks and costs of constantly changing technology. A marketplace leader for more than 25 years, 80,000+ customers turn to Flexera Software as a trusted and neutral source of knowledge and expertise, and for the automation and intelligence designed into our products. For more information, please go to: www.flexerasoftware.com.

Secunia – now Flexera Software
In September 2015, Flexera Software acquired Secunia, adding Secunia’s Software Vulnerability Management solutions to complement Flexera Software’s Software License Optimisation and Application Readiness solutions. Under Flexera Software, Secunia Research continues to perform vulnerability verification, issue Secunia Advisories and publish data on the global vulnerability landscape.

For more information, contact:
Vidushi Patel/ Nicola Males
Vanilla PR
prflexera@vanillapr.co.uk
+44 7958474632 / +447976652491