Vulnerabilities in IE doubled in 1H 2014

Posted on Thursday, Jul 24 2014 @ 14:59 CEST by Thomas De Maesschalck
Bromium Labs analyzed the number of public vulnerabilities and exploits in popular PC software and noticed that the number of new security flaws found in Internet Explorer increased by over 100 percent in the first half of this year. There were fewer vulnerabilities found in Adobe's Flash and Reader software and Oracl's Java plug-in also managed to stay out of the spotlights, in fact, there wasn't even a single public exploit for Java in the first half of this year.
Hackers increasingly target Internet Explorer – Analysis indicates that Microsoft Internet Explorer vulnerabilities have increased more than 100 percent since 2013, a trend underscored by a progressively shorter time to first patch for its past two releases.

Public JAVA zero-days decline – In 2013, Java led among vulnerabilities and public exploits, but this trend has reversed in 2014. In fact, in the first six months of 2014, there has not been a single public JAVA exploit.

Action Script Spray drives zero-day attacks – Both Internet Explorer and Flash zero-day attacks have leveraged Action Script Sprays, an emerging technique that bypasses address space layout randomization (ASLR) with a return-oriented program (ROP) chain.
vulnerabilities in software

Source: Net Security

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments