Of the 15 most exploited vulnerabilities observed by M86 Security Labs during the first half of this year, four involved Adobe Reader and five in Internet Explorer, the lab wrote in its latest security report for January through June 2010.More info at CNET.
Also on the Top 15 list were vulnerabilities affecting Microsoft Access Snapshot Viewer, Real Player, Microsoft DirectShow, SSreader, and AOL SuperBuddy. Most of the exploits observed had been first reported more than a year earlier and were addressed by vendors, "highlighting the need to keep software updated with the latest versions and patches," the report said.
More Java-based vulnerabilities have been actively exploited, reflecting attackers' attraction to Java's popularity and broad install base. In the most common attack scenario, browsers visiting a legitimate Web site are redirected by a hidden iFrame or JavaScript to a malicious Web page that hosts a malicious Java applet, according to the report.
Java to become next target for attackers?
Posted on Thursday, July 15 2010 @ 1:26 CEST by Thomas De MaesschalckSecurity firm M86 Security Labs released details on the most exploited vulnerabilities. The company says Adobe Reader and Internet Explorer are the biggest targets, but warns that Java is the next low-hanging fruit for cyberattackers due to the high install base of this plugin.
