Top 10 Software with Security Problems

Drawn up by the security company Kaspersky, the IT Threat Evolution report includes a ranked list of the 10 most insecure software products. The 2012 edition comes with a big surprise for Microsoft critics: the company's products are no longer on the list.

This was achieved despite the fact that Microsoft products have a huge number of users, which means any vulnerability in them is hunted down and exploited mercilessly to spread malware. The result is credited to the efficient automated distribution and installation of security patches built into the new Windows versions and application packages.

According to Kaspersky, the Top 10 software vulnerabilities during Q3 2012 are as follows:

1. Oracle Java – multiple vulnerabilities with a high degree of risk: DoS attacks (obtaining access to a vulnerable system and remote execution of arbitrary code with the access rights of a local user account) and cross-site scripting (gaining access to sensitive data).

2. Oracle Java – three extremely high-risk vulnerabilities: allow obtaining remote access to a system and running arbitrary code with the privileges of a local user account.

3. Adobe Flash Player – multiple vulnerabilities with a high degree of risk: allow obtaining remote access to a system and running arbitrary code with the privileges of a local user account, and gaining access to sensitive data.

4. Adobe Flash Player – multiple vulnerabilities with a high degree of risk: allow obtaining remote access to a system and running arbitrary code with the privileges of a local user account, and facilitate bypassing security systems.

5. Adobe Reader / Acrobat – multiple vulnerabilities with very high risk: allow obtaining remote access to a system and running arbitrary code with the privileges of a local user account.

6. Apple QuickTime – multiple vulnerabilities with a high degree of risk: allow obtaining remote access to a system and running arbitrary code with the privileges of a local user account.

7. Apple iTunes – multiple vulnerabilities with a high degree of risk: allow obtaining remote access to a system and running arbitrary code with the privileges of a local user account.

8. Winamp AVI / IT File Processing – high-risk vulnerabilities: allow obtaining remote access to a system and running arbitrary code with the privileges of a local user account.

9. Adobe Shockwave Player – multiple vulnerabilities with a high degree of risk: allow obtaining remote access to a system and running arbitrary code with the privileges of a local user account.

10. Adobe Flash Player – multiple vulnerabilities with very high risk: allow obtaining remote access to a system and running arbitrary code with the privileges of a local user account, and facilitate bypassing security systems and obtaining access to sensitive data.

The ranking is based on the number of systems found to be affected by these vulnerabilities. These are usually configurations running outdated versions of the software, or ones that have not received the necessary security updates.

Microsoft led this ranking a few years ago, but improvements to the Windows Update service used for Windows 7 and Vista have allowed the company to distribute security updates more efficiently. Windows 8 improves on the Windows Update functionality, but even so, the operating system remains a focus for hackers, who seem to have already found the first zero-day exploit for it.

The statistics provided by Kaspersky also reveal some interesting information:

- 28% of attacks targeted tablets and phones running Android 2.3.6 Gingerbread, which was launched in September 2011;
- 56% of exploits discovered during Q3 2012 used Java vulnerabilities;
- As many as 91.9 million infected URLs were detected, 3% more than during Q2 2012.

The wide spread of threats that exploit Java vulnerabilities makes using this technology extremely risky, which is why more companies recommend disabling Java support and even uninstalling the plugin component.

