This is a classic case of putting functionality before security. If a bank building had been badly damaged by a truck running into it, you'd temporarily close it until it was fixed. Nobody would dream of advising customers to keep using that particular branch until the building had been checked and made safe. So why tell customers to continue using an application that's not secure while it's being fixed? For some reason we treat IT...
systems and software differently, happily allowing customers to carry on using them even when they're known to be insecure. I imagine that Fiserv's software uses some Adobe-related components -- for example, a component to display a PDF document -- and the application hasn't been upgraded to work with newer versions of Adobe Reader.
My big problem with this advisory is that Fiserv has no knowledge or control over how its customers use Adobe Reader for other tasks. This wasn't an advisory solely for internal staff whose surfing and use of Adobe could be more tightly controlled. Given the spate of recent zero-day vulnerabilities in Adobe products (see sidebar), their advice could easily have left customers exposed to flaws that are actively being exploited. It also undoes all the work that has gone into making people understand the importance of keeping their software up to date. Any application providers or companies who urge users to continue using outdated and insecure software because upgrading may break functionality in custom software are doing the industry a disservice.
The best way to avoid Adobe's security issues is to keep your system and software up to date with the latest patches and don't open any attachments from unknown sources. Also make sure your antivirus software provides some form of URL filtering to alert you should you inadvertently head to a known malicious site, as this is a common method used to install malware.
For more information: According to a report issued last month by ScanSafe, 80% of the Web-based attacks from malicious and hacked websites targeted Adobe Reader vulnerabilities in the last three months of 2009. Security firm F-Secure also noted that Adobe Reader vulnerabilities are by far the most popular for use in targeted email attacks.
Dig deeper on Securing Productivity Applications
Related Q&A from Michael Cobb
Security expert Michael Cobb explains what Open Authorization or OAuth 2.0 is, its pros and cons, and how it is different from bring your own ...continue reading
While the fundamentals of securing an e-commerce website haven't changed in a few years, there are new threat vectors and security risks to be aware ...continue reading
There are apps available that encrypt voice communications on smartphones and BYO devices, but are they really worth the investment? Expert Michael ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.