SECURITY OUTFIT Kaspersky Lab has reported that Adobe applications dominated its top 10 vulnerabilities list for the first quarter of 2011, occupying five positions including first and second places.
In first place was an Adobe Acrobat Reader buffer flow vulnerability, which was found on 40.78 per cent of infected computers, according to Kaspersky Lab figures. Flash Player vulnerabilities took second and third place, while more Reader and Acrobat flaws as well as a Shockwave Player issue took two other places in the top 10.
Kaspersky said that last year most of the list was populated by Microsoft product issues, but there was only one in the latest top 10, a Microsoft Office handling vulnerability in eighth place.
The report also confirmed Microsoft findings from last year, which revealed that criminals were seeing the Java virtual machine as an increasing worthwhile target. Vulnerabilities in the Java JDK/JRE/SDK took the fourth and fifth spots. Apple Quicktime and Winamp vulnerabilities took sixth and seventh places in the top 10 list.
All the vulnerabilities allowed criminals to take control of a computer at the system level if successful. In total, Kaspersky found 28,752,203 vulnerable applications on computers it analysed.
The beginning of 2011 saw a continuing trend for cyber criminals to attack major corporations rather than home computers, due to the financial rewards available. Sony of course was one of the big companies to find this out recently.
"This is more risky for the attackers because unlike home users, major corporations can and will retaliate," the report said. "However, the stakes and thus the potential rewards involved with targeted attacks on corporations are higher and there are fewer competitors in this segment of the black market."
"Such companies usually serve huge numbers of customers and a successful attack may provide cybercriminals with keys to the digital wallets of large numbers of users in different parts of the world," it warned. µ
What could possibly go wrong...
Committee clams firm failed to implement 'adequate security'
Meme Ban means Meme Ban
It's anonymous data at first but the NYT figured out how to make it personal