This is a classic case of putting functionality before security. If a bank building had been badly damaged by a...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
truck running into it, you'd temporarily close it until it was fixed. Nobody would dream of advising customers to keep using that particular branch until the building had been checked and made safe. So why tell customers to continue using an application that's not secure while it's being fixed? For some reason we treat IT systems and software differently, happily allowing customers to carry on using them even when they're known to be insecure. I imagine that Fiserv's software uses some Adobe-related components -- for example, a component to display a PDF document -- and the application hasn't been upgraded to work with newer versions of Adobe Reader.
My big problem with this advisory is that Fiserv has no knowledge or control over how its customers use Adobe Reader for other tasks. This wasn't an advisory solely for internal staff whose surfing and use of Adobe could be more tightly controlled. Given the spate of recent zero-day vulnerabilities in Adobe products (see sidebar), their advice could easily have left customers exposed to flaws that are actively being exploited. It also undoes all the work that has gone into making people understand the importance of keeping their software up to date. Any application providers or companies who urge users to continue using outdated and insecure software because upgrading may break functionality in custom software are doing the industry a disservice.
The best way to avoid Adobe's security issues is to keep your system and software up to date with the latest patches and don't open any attachments from unknown sources. Also make sure your antivirus software provides some form of URL filtering to alert you should you inadvertently head to a known malicious site, as this is a common method used to install malware.
For more information: According to a report issued last month by ScanSafe, 80% of the Web-based attacks from malicious and hacked websites targeted Adobe Reader vulnerabilities in the last three months of 2009. Security firm F-Secure also noted that Adobe Reader vulnerabilities are by far the most popular for use in targeted email attacks.
Dig Deeper on Securing Productivity Applications
Related Q&A from Michael Cobb
Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how ...continue reading
Companies and government agencies handling criminal justice information need to comply with CJIS Security Policy. Expert Michael Cobb explains the ...continue reading
An Intel chip flaw lets attackers bypass ASLR protection on most operating systems. Expert Michael Cobb explains the vulnerability and how to prevent...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.