Browsers make up another 14 percent and Android is the third most targeted platform with a share of 12 percent. Everything else is no longer a big hit, Adobe Flash accounts for just 1 percent and Java for a mere 3 percent.
Interestingly, it's not Office itself that is the most exploited, but related components:
For example, two of the most exploited vulnerabilities, CVE-2017-11882 and CVE-2018-0802, impact Office's legacy Equation Editor component.
"A look at the most exploited vulnerabilities of 2018 confirms exactly that: Malware authors prefer simple, logical bugs," the company said.
"That is why the equation editor vulnerabilities CVE-2017-11882 and CVE-2018-0802 are now the most exploited bugs in MS Office. Simply put, they are reliable and work in every version of Word released in the past 17 years," researchers said. "And, most important, building an exploit for either one requires no advanced skills."
Via: ZD Net