Secunia Research at Flexera Software has published a report covering the fourth quarter of 2015 for 14 countries, regarding vulnerable software, applications and PCs.
Turns out we're not really good at keeping our computers safe, and our software up to date.
The key finding of the UK Country Report says that 78 per cent of users have Adobe Flash Player 19 installed. This is an end-of-life version of Flash, one which no longer receives updates from Adobe.
Secunia links this to the vulnerability discovered in Flash on December 28 2015, which was rated 'Extremely Critical', as it can be triggered from remote and can execute arbitrary code.
Vulnerabilities in newer versions can be (and probably are, often) used to exploit these older versions, which is why Secunia Research urges everybody to patch their Flash Player immediately, and remove any end-of-life products they might have.
“The vulnerability discovered in Adobe Flash Player/ AIR 20 in December makes it even more important than usual to keep Adobe Flash Player up to date and get rid of end-of-life versions,” said Kasper Lindgaard, Director of Secunia Research at Flexera Software. “Adobe Flash is the most popular application within exploit kits, because it is so widely used and can therefore be used to leverage access to different platforms and both private and corporate users. While security-aware organisations know not to allow Adobe Flash Player anywhere near their business critical systems, private PC users tend not to be quite so mindful.”
Other programs are also rarely patched, the report suggest, saying that non-Microsoft software is usually critical. It says that 11.4 per cent of non-Microsoft programs on private PCs were unpatched in Q4, while only 4.1 per cent of Microsoft programs were unpatched.