This is a classic case of putting functionality before security. If a bank building had been badly damaged by a...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
truck running into it, you'd temporarily close it until it was fixed. Nobody would dream of advising customers to keep using that particular branch until the building had been checked and made safe. So why tell customers to continue using an application that's not secure while it's being fixed? For some reason we treat IT systems and software differently, happily allowing customers to carry on using them even when they're known to be insecure. I imagine that Fiserv's software uses some Adobe-related components -- for example, a component to display a PDF document -- and the application hasn't been upgraded to work with newer versions of Adobe Reader.
My big problem with this advisory is that Fiserv has no knowledge or control over how its customers use Adobe Reader for other tasks. This wasn't an advisory solely for internal staff whose surfing and use of Adobe could be more tightly controlled. Given the spate of recent zero-day vulnerabilities in Adobe products (see sidebar), their advice could easily have left customers exposed to flaws that are actively being exploited. It also undoes all the work that has gone into making people understand the importance of keeping their software up to date. Any application providers or companies who urge users to continue using outdated and insecure software because upgrading may break functionality in custom software are doing the industry a disservice.
The best way to avoid Adobe's security issues is to keep your system and software up to date with the latest patches and don't open any attachments from unknown sources. Also make sure your antivirus software provides some form of URL filtering to alert you should you inadvertently head to a known malicious site, as this is a common method used to install malware.
For more information: According to a report issued last month by ScanSafe, 80% of the Web-based attacks from malicious and hacked websites targeted Adobe Reader vulnerabilities in the last three months of 2009. Security firm F-Secure also noted that Adobe Reader vulnerabilities are by far the most popular for use in targeted email attacks.
Dig Deeper on Securing Productivity Applications
Related Q&A from Michael Cobb
A web shell from the JexBoss security tool was used to exploit servers through an unpatched JBoss vulnerability. Expert Michael Cobb explains how to ...continue reading
The Android Trojan Triada has the ability to replace a device's system functions with its own. Expert Michael Cobb explains how to mitigate the ...continue reading
An old Java vulnerability was discovered to have been ineffectually patched. Expert Michael Cobb explains how this happened and what can be done to ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.