Report: Adobe Reader, IE most targeted

Report: Adobe Reader, IE most targeted

Summary: The most exploited vulnerabilities tend to be Adobe Reader and Internet Explorer, but a rising target for exploits is Java.

SHARE:

The most exploited vulnerabilities tend to be Adobe Reader and Internet Explorer, but a rising target for exploits is Java, according to a report to be released on Wednesday by M86 Security Labs.

Of the 15 most exploited vulnerabilities observed by M86 Security Labs during the first half of this year, four involved Adobe Reader and five in Internet Explorer, the lab wrote in its latest security report for January through June 2010.

Also on the Top 15 list were vulnerabilities affecting Microsoft Access Snapshot Viewer, Real Player, Microsoft DirectShow, SSreader, and AOL SuperBuddy. Most of the exploits observed had been first reported more than a year earlier and were addressed by vendors, "highlighting the need to keep software updated with the latest versions and patches," the report said.

For more on this story, read Report: Adobe Reader, IE top vulnerability list on CNET News.

Topics: Enterprise Software, Browser, Microsoft, Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

1 comment
Log in or register to join the discussion
  • RE: Report: Adobe Reader, IE most targeted

    The same organization's report for last half of 2009 damned PDF:

    "From an attacker?s perspective, the advantages are quite simple: PDF files are not browser dependent, and Adobe Reader and Acrobat are immensely popular products with highly visibility in the marketplace. Finally, the other boon for attackers is the fact that PDF?s offer the ability to include dynamic content within a file.

    Considering these advantages, PDF exploits are frequently used in attack toolkits, along with flash files and more recently, java (jar) exploits. In some cases, a set of PDF exploits is the only mode of attack needed by a cyber criminal to attack via a Web page.

    Ultimately, PDF attacks tend to be very effective, with some achieving as high as 50% success rate."

    The latest report reveals that "Java is an area where the number of attacks is increasing" including "one such example we saw attempted to exploit Adobe Acrobat
    and Java."

    Distressing.
    Thad McIlroy, The Future of Publishing