Kaspersky: 12 different vulnerabilities detected on every PC

Kaspersky: 12 different vulnerabilities detected on every PC

Summary: Researchers from Kaspersky have sampled their customer base, and found out that on average, every PC has 12 different vulnerabilities.

SHARE:
TOPICS: Hardware, Security
26

Researchers from Kaspersky have sampled their customer base, and found out that on average, every PC has 12 different vulnerabilities.

During the second quarter of 2011, the company saw 27,289,171 vulnerable applications and files detected on users’ computers, and detected an average of 12 different vulnerabilities on each computer.

Here are the vulnerabilities discovered:

  • Adobe Reader / Acrobat SING "uniqueName" Buffer Overflow Vulnerability
  • Sun Java JDK / JRE / SDK Multiple Vulnerabilities
  • Adobe Flash Player SharedObject Type Confusion Vulnerability
  • Adobe Flash Player Multiple Vulnerabilities
  • Adobe Flash Player Multiple Vulnerabilities
  • Sun Java JDK / JRE / SDK Multiple Vulnerabilities
  • Adobe Flash Player / AIR AVM2 Instruction Sequence Handling Vulnerability
  • Adobe Flash Player Unspecified Memory Corruption Vulnerability
  • Adobe Shockwave Player Multiple Vulnerabilities
  • Adobe Flash Player Unspecified Cross-Site Scripting Vulnerability

The company contributes the decline in Windows vulnerabilities, to improvements in the automatic Windows update mechanism and the growing proportion of users who have Windows 7 installed on their PCs. Moreover, Kaspersky Labs emphasizes on the fact that seven of the Top 10 vulnerabilities are found in one product only — Adobe Flash Player, and that vulnerabilities from 2007-2008 remain in the Top 10, with seven of the ten vulnerabilities were discovered in 2011, and the other three in 2010.

See also

With vulnerabilities found in Acrobat Reader and Adobe products clearly dominating the threatscape, end users and enterprise users should ensure that they are running the latest versions of their installed applications and browser plugins, at any time.

Topics: Hardware, Security

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

26 comments
Log in or register to join the discussion
  • RE: Kaspersky: 12 different vulnerabilities detected on every PC

    It's time for flash to die so that the world wide web will be a little more safer
    shellcodes_coder
    • RE: Kaspersky: 12 different vulnerabilities detected on every PC

      @shellcodes_coder

      No, it isn't. Even HTML5 cannot do everything that Flash can do and Flash is only a problem because they have to keep backwards compatibility with Flash back to version 6.
      Lerianis10
      • RE: Kaspersky: 12 different vulnerabilities detected on every PC

        @Lerianis10

        Which is even more reason why Flash needs to die.

        And forget backward compatibility. That's only an excuse for lazy website developers not to upgrade.
        ScorpioBlue
  • One of the reasons there are so many vulnerabilities...

    ...is that it seems impossible to install the updated versions of Flash. I've tried repeatedly, and it fails every time.
    GrizzledGeezer
    • RE: Kaspersky: 12 different vulnerabilities detected on every PC

      @GrizzledGeezer
      I had the same problem trying to update Flash from Adobe's website. If you go through their support forums, there's an ActiveX Flash download that finally worked for me.
      swmace
      • RE: Kaspersky: 12 different vulnerabilities detected on every PC

        @swmace Yes, but you really shouldn't have to, now.
        bargeemike
    • RE: Kaspersky: 12 different vulnerabilities detected on every PC

      @GrizzledGeezer Thank god it's not just me. I can see why Steve Jobs keeps it off Apple products.
      bargeemike
    • RE: Kaspersky: 12 different vulnerabilities detected on every PC

      @GrizzledGeezer
      got to ninite .com and pick out what you need to have updated all the adobe and java are there small program run once a week and your good to go.
      sirteddy
    • RE: Kaspersky: 12 different vulnerabilities detected on every PC

      @GrizzledGeezer
      Also double check the system clock.. I ran into issues if the system date is off the cert in the installer will fail at 50%.
      Anthony E
    • RE: Kaspersky: 12 different vulnerabilities detected on every PC

      @GrizzledGeezer
      I had this problem on a regular basis until I discovered that after you click "Install" on the pop up window, a license agreement window minimizes itself to a tab. You have to open the tab, then click the dim bullet slot next to "I Agree." Then it installs okay.
      Sort of a flaky way to update Flash, if you ask me.
      ITOdeed
      • RE: Kaspersky: 12 different vulnerabilities detected on every PC

        @ITOdeed

        That license agreement should NOT be minimizing itself like that. I've never had it so that.... hell, since Flash 9, I haven't had any license stuff pop-up.
        Lerianis10
    • RE: Kaspersky: 12 different vulnerabilities detected on every PC

      @GrizzledGeezer

      BULLSHIT! I've installed Flash on my systems many a time, and since version 8, I have YET to have a Flash installation fail. I have had it tell me "Please close X browser to continue!" and it continues as soon as I close that browser.

      If you are having problems with Flash installing, get Baku, weed out all the old Flash registry entries, and your problem will be solved.
      Lerianis10
  • RE: Kaspersky: 12 different vulnerabilities detected on every PC

    Use Secunia PSI on all your home systems to ensure you are running latest versions; end of problem!
    JavaJobber
    • RE: Kaspersky: 12 different vulnerabilities detected on every PC

      @JavaJobber That and use Enhanced Mitigation Experience Toolkit to harden Windows and other applications which have many vulnerabilities.
      TigerRaptorFX
  • RE: Kaspersky: 12 different vulnerabilities detected on every PC

    I use Microsoft security Essentials, and boy does it work, finds all the Virus probs first time. Have also tried the 2 top names in virus protection. But they missed the vulnerabilities every time .Now don't get me wrong not Knocking any Virus program ,as long as you keep them up to date most work ,But MSE updates automatically when computer starts and that seems to be the trick that works over all the others.The minute it finds Virus i suggest you do a full scan as viruses can get in to the restore and the full scan takes it out
    mayres
  • Remedial statistics (Can you guys fix the title?)

    The title: "Kaspersky: 12 different vulnerabilities detected on every PC" is not anywhere close to accurately representing the content of the article. I'd recommend: "Kaspersky: Average PC has 12 different vulnerabilities; Adobe responsible for 8 of top 10." This accurately describes the most significant points and should still be eye-catching enough.

    ZDNet has plenty of sensational, but accurate titles, but this one shows horribly poor math. You only find the word "average" in the summary below the big type. If I sampled the ages of everybody in a theater and found the _average_ was 25, I could hardly say: "Every theater-goer is aged 25."

    While I am picking at nits, your article leads off with saying there were "12 different vulnerabilities" and then shows a graph whose contents total 10. It then states: "Here are the vulnerabilities discovered:" and lists ten items. Only at the bottom is a "Top 10" list mentioned in passing. I had to read the cited article to figure out the list of vulnerabilities _was_ the Top 10 list you gave and the graph only addressed the Top 10. It would much less confusing to mention at the very beginning: "Here are the Top 10 vulnerabilities discovered:" or something along those lines, which would also help make the graph make sense.
    JJMach
    • RE: Kaspersky: 12 different vulnerabilities detected on every PC

      @JJMach you read my mind... good comment.
      SinfoCOMAR
  • RE: Kaspersky: 12 different vulnerabilities detected on every PC

    Use Foxit instead of Adobe Reader: is smaller and more secure. Of course, is also free
    pablo.handler@...
    • RE: Kaspersky: 12 different vulnerabilities detected on every PC

      @pablo.handler@... FoxIt won't open all versions of PDF.
      SinfoCOMAR
      • RE: Kaspersky: 12 different vulnerabilities detected on every PC

        @SinfoCOMAR

        Nitro PDF however will, except on websites where they are a little too specific about which plugin can be used to open .pdf files.
        Lerianis10