By Kurt Mackie
July 19, 2010
The majority of Internet security threats come from unpatched
vulnerabilities in Adobe Acrobat/Reader and Microsoft's Internet
Explorer browser, according to an industry study.
Those two programs topped a list of the "15 most observed
vulnerabilities" on the Web, according to M86 Security's "Security Labs
Report: January-June 2010 Recap," released this week. The
vulnerabilities persist even though Adobe and Microsoft have issued
fixes for the flaws. Some users apparently haven't applied the patches,
which date back to 2006 in one case.
Topping the list of commonly unpatched vulnerabilities is the Adobe
Acrobat/Reader "CollectEmailInfo" flaw, for which a patch was issued in
2008. Next is the "deleted object event handling process" flaw in
Internet Explorer, which had a patch issued this year. An "RDS ActiveX"
flaw in Microsoft Internet Explorer ranks third on the list, even though
a patch was issued in 2006.
All told, according to report, Microsoft Internet Explorer constituted
five of the top 15 vulnerabilities, while Adobe Reader represented four
of the top 15 vulnerabilities. M86 Security's complete list of
vulnerabilities can be found in the report here (PDF download).
Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada
July 24-29th, offering over 60 training sessions and 11 tracks of Briefings
from security industry elite. To sign up visit http://www.blackhat.com