
Adobe beats Microsoft in PC vulnerability top 10
Criminals like Acrobat, Reader, Flash and Shockwave
SECURITY OUTFIT Kaspersky Lab has reported that Adobe applications dominated its top 10 vulnerabilities list for the first quarter of 2011, occupying five positions including first and second places.
In first place was an Adobe Acrobat Reader buffer flow vulnerability, which was found on 40.78 per cent of infected computers, according to Kaspersky Lab figures. Flash Player vulnerabilities took second and third place, while more Reader and Acrobat flaws as well as a Shockwave Player issue took two other places in the top 10.
Kaspersky said that last year most of the list was populated by Microsoft product issues, but there was only one in the latest top 10, a Microsoft Office handling vulnerability in eighth place.
The report also confirmed Microsoft findings from last year, which revealed that criminals were seeing the Java virtual machine as an increasing worthwhile target. Vulnerabilities in the Java JDK/JRE/SDK took the fourth and fifth spots. Apple Quicktime and Winamp vulnerabilities took sixth and seventh places in the top 10 list.
All the vulnerabilities allowed criminals to take control of a computer at the system level if successful. In total, Kaspersky found 28,752,203 vulnerable applications on computers it analysed.
The beginning of 2011 saw a continuing trend for cyber criminals to attack major corporations rather than home computers, due to the financial rewards available. Sony of course was one of the big companies to find this out recently.
"This is more risky for the attackers because unlike home users, major corporations can and will retaliate," the report said. "However, the stakes and thus the potential rewards involved with targeted attacks on corporations are higher and there are fewer competitors in this segment of the black market."
And referring to attacks on other security companies HBGary and RSA Kaspersky complained, "It is alarming that IT security companies are the focus of so many attacks."
"Such companies usually serve huge numbers of customers and a successful attack may provide cybercriminals with keys to the digital wallets of large numbers of users in different parts of the world," it warned. µ
INQ Latest
Google Updates: Bye-bye Fit for web, no more forced arbitration and I/O ballot open
It's the week in Google
O2 has plans for 5G in four UK cities this year
You can probably guess which
Nvidia's GTX 1660 Ti brings Turing power to gamers on a budget
GPU is available in Blighty now for £260
Microsoft might bring Xbox Games Pass to the Nintendo Switch
Move could bring Halo and Gears of War to the hybrid console