MICROSOFT'S INTERNET EXPLORER (IE) has seen a 100 percent explosion of reported security vulnerabilities in just six months, according to security firm Bromium labs.
Bromium has studied the security vulnerability market intensely and found that in the last six months Microsoft released more security patches than it had during the entire last decade. Internet Explorer also leads in publicly reported exploits.
"Internet Explorer took the cap for historic high number of security patches in over a decade, and that feat was accomplished in the first [six[ months of 2014," it said. "As timelines to the next version of the latest Internet Explorer shrink, times to the next security patches have also shrunk."
It is not all bad news for Microsoft, though, and the report said that Adobe Flash is the most targeted in-browser software product, adding that this often gives attackers new vectors into IE.
"End users remain a primary concern for information security professionals because they are the most targeted and most susceptible to attacks," said Bromium chief security architect Rahul Kashyap.
"Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently."
There's good news for Oracle, however. While its Java platform was "the notorious king" of malware and zero-day attacks in 2013, there have been no reported zero-day exploits targeting Java so far in 2014.
Bromium Labs' report (PDF) is called "Endpoint Exploitation Trends H1 2014" and is available now.
Ian Pratt, co-founder at Bromium, told us that while it is hit hard, Microsoft also pushes back hard.
"As the most popular browser, IE is always in the crosshairs of malware authors. Over the last few years, Microsoft have taken this threat seriously and have done a good job of implementing architectural improvements to harden newer versions of IE against attack, and are continuing to innovate and add new defences," he said.
"IE11 is certainly harder to exploit than several other popular browsers. Of course, IE suffers from a legacy version problem far more than other browsers, and this provides rife opportunities for attackers." µ
Plus, it's goodbye to Device Assist
Vulnerabilities in the iOS sandbox thankfully found by the good guys
Data watchdog will make sure firm is being fully transparent about the controversial move
Chinese firm reportedly forces staff to do 82 hours of overtime a month