The Inquirer-Home

Adobe beats Microsoft in PC vulnerability top 10

Criminals like Acrobat, Reader, Flash and Shockwave
Thu May 19 2011, 11:43

SECURITY OUTFIT Kaspersky Lab has reported that Adobe applications dominated its top 10 vulnerabilities list for the first quarter of 2011, occupying five positions including first and second places.

In first place was an Adobe Acrobat Reader buffer flow vulnerability, which was found on 40.78 per cent of infected computers, according to Kaspersky Lab figures. Flash Player vulnerabilities took second and third place, while more Reader and Acrobat flaws as well as a Shockwave Player issue took two other places in the top 10.

Kaspersky said that last year most of the list was populated by Microsoft product issues, but there was only one in the latest top 10, a Microsoft Office handling vulnerability in eighth place.

The report also confirmed Microsoft findings from last year, which revealed that criminals were seeing the Java virtual machine as an increasing worthwhile target. Vulnerabilities in the Java JDK/JRE/SDK took the fourth and fifth spots. Apple Quicktime and Winamp vulnerabilities took sixth and seventh places in the top 10 list.

All the vulnerabilities allowed criminals to take control of a computer at the system level if successful. In total, Kaspersky found 28,752,203 vulnerable applications on computers it analysed.

The beginning of 2011 saw a continuing trend for cyber criminals to attack major corporations rather than home computers, due to the financial rewards available. Sony of course was one of the big companies to find this out recently.

"This is more risky for the attackers because unlike home users, major corporations can and will retaliate," the report said. "However, the stakes and thus the potential rewards involved with targeted attacks on corporations are higher and there are fewer competitors in this segment of the black market."

And referring to attacks on other security companies HBGary and RSA Kaspersky complained, "It is alarming that IT security companies are the focus of so many attacks."

"Such companies usually serve huge numbers of customers and a successful attack may provide cybercriminals with keys to the digital wallets of large numbers of users in different parts of the world," it warned. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015