Bromium Labs analyzed the number of public vulnerabilities and exploits in popular PC software and noticed that the number of new security flaws found in Internet Explorer increased by over 100 percent in the first half of this year. There were fewer vulnerabilities found in Adobe's Flash and Reader software and Oracl's Java plug-in also managed to stay out of the spotlights, in fact, there wasn't even a single public exploit for Java in the first half of this year.
Hackers increasingly target Internet Explorer – Analysis indicates that Microsoft Internet Explorer vulnerabilities have increased more than 100 percent since 2013, a trend underscored by a progressively shorter time to first patch for its past two releases.
Public JAVA zero-days decline – In 2013, Java led among vulnerabilities and public exploits, but this trend has reversed in 2014. In fact, in the first six months of 2014, there has not been a single public JAVA exploit.
Action Script Spray drives zero-day attacks – Both Internet Explorer and Flash zero-day attacks have leveraged Action Script Sprays, an emerging technique that bypasses address space layout randomization (ASLR) with a return-oriented program (ROP) chain.