Secunia Quarterly Country Report: PDF Readers are Left Wide Open to Attacks on Private US PCs

Copenhagen, Denmark - Apr 29, 2015 - Secunia, a leading provider of IT security solutions for vulnerability management, today published its latest batch of country reports for a total of 15 countries, including the US. The data in the US report shows that unpatched, vulnerable PDF readers are a big security issue for private PC users; that 14% of PC users in the US (up from 12.9% last quarter) have an unpatched operating system, and that Oracle Java yet again tops the list of applications exposing PCs to security risks.

Key findings in the US report include:

  • Adobe Reader 10 and 11 come in at number three and four on the Most Exposed List: Adobe Reader 10 with a 25% market share, 39 vulnerabilities and unpatched on 65% of PCs; Adobe Reader 11 with a 55% market share, 40 vulnerabilities and unpatched on 18% of PCs.
  • Oracle’s Java JRE 7 tops the list as the most exposed application on PCs in the US. With a market share of 54%, 77% of users have not installed the latest updates, despite 101 reported vulnerabilities.
  • 1 in 20 programs on the average US PC have reached end-of-life, meaning they are no longer supported by the vendor and do not receive security updates. Adobe Flash Player, one of the end-of-life applications, is still installed on no less than 78% of the PCs.
  • Other applications in the top 10 include Apple QuickTime, Microsoft Internet Explorer and uTorrent for Windows.

Secunia’s annual Vulnerability Review, published in March, identified that a total of 85% private users worldwide have a version of Adobe Reader installed on their PCs. The US report for Q1 corroborates the number. Kasper Lindgaard, Director of Research and Security at Secunia, comments on the issue: “It is worrying that, with such a high market share, one in five US users fail to patch their Adobe PDF reader. Considering the fact that PDF documents are a prominent attack vector used by hackers to gain entry into IT systems, users put themselves, and any system they are connected to, at risk by neglecting the security risk the popular reader represents when not maintained. It is paramount that users remember to patch their PDF readers, and that corporate IT teams have procedures in place to update all PDF readers on devices that are in any way connected to the company infrastructure,” says Lindgaard.

Vendors’ security updates are readily available; however, the average US user must master 27 different update mechanisms to ensure the latest patches are regularly applied. To simplify this process Secunia recommends users download its free Secunia PSI security tool, which has already been downloaded by more than 8 million private individuals globally to detect vulnerable programs and plug-ins. Once installed it can help PC users automatically patch vulnerable programs and stay secure.  For patch management in a corporate environment, IT security teams can also subscribe to the Secunia CSI.

Secunia’s Q1 Country Reports are averages based on scans of PCs by the Secunia PSI between January 1 and March 31, 2015. It is safe to assume that Secunia PSI users are more secure than the average PC user, and therefore these figures can be considered conservative estimates. 

You can download the report here.

Follow Flexera…

About Flexera

Flexera is reimagining the way software is bought, sold, managed and secured. We view the software industry as a supply chain, and make the business of buying and selling software and technology asset data more profitable, secure, and effective. Our Monetization and Security solutions help software sellers transform their business models, grow recurring revenues and minimize open source risk. Our Vulnerability and Software Asset Management (SAM) solutions strip waste and unpredictability out of procuring software, helping companies buy only the software and cloud services they need, manage what they have, and reduce compliance and security risk. The Flexera  RightScale multicloud management and cloud cost optimization solutions enable enterprises to drive top-line revenue while optimizing cloud usage to reduce risk and costs. Powering these solutions and the entire software supply chain, Flexera has built the world’s largest and most comprehensive repository of market intelligence on technology assets. In business for 30+ years, our 1300+ employees are passionate about helping our 80,000+ customers generate millions in ROI every year. Visit us at

For more information, contact:

Clement | Peterson Public Relations

*All third-party trademarks are the property of their respective owners.