IBM has released its X-Force security report which has discovered that the number of disclosed vulnerabilities during the first half of 2010 shot up 36 percent from a year previously.
All told, IBM X-Force analysed and document 4,396 new vulnerabilities in the first half of the year. Leading the way in terms of having the most vulnerabilities is Apple, which accounted for 4 percent of all disclosures. Microsoft is No. 2 on the list, while No. 3 is Adobe Systems, thanks to a surge in issues involving Adobe Reader and Flash Player. In 2009, Adobe was ranked No. 9.
“The continued prevalence of the Gumblar – the exploit tool kit/group – is still helping to secure top positions for Adobe products, but PDF and Flash exploits are extremely popular in many other exploit tool kits as well,” an IBM spokesperson said. “An interesting change from the second half of 2009 is that ActiveX has dropped off the top-five list, at least for now … Judging by what we have observed thus far in 2010, it is safe to assume that 2010 will be dominated by PDF exploitation.”
Microsoft far outpaced other operating system vendors in terms of vulnerabilities with critical and high CVSS (Common Vulnerability Scoring System) ratings, accounting for 73 percent of those. In sheer numbers, however, Linux took the No. 1 spot, with Apple coming in at No. 2, according to the report.
About 55 percent of the vulnerabilities had no vendor-supplied patch at the end of the period, IBM said. Among the top 10 vendors with the most vulnerabilities, Sun Microsystems (Oracle) had the highest percentage of unpatched bugs at 24 percent. Microsoft was second highest with 23.2 percent.
The report also noted that attackers are continuing to make use of JavaScript obfuscation to hide malware. IBM detected a 52 percent increase in obfuscated attacks since 2009.
“Attackers have been using JavaScript to obfuscate web browser attacks for a few years, but X-Force believes that the topic comes up infrequently, yet it continues to be a problem,” Cross said. “With attackers continuing to innovate with JavaScript obfuscation, it is forcing security vendors to innovate [in the areas of] intelligent components and solutions too.”
Google parent Alphabet sees market capitalisation surge over $2tn on plan to over first-ever cash…
Google asks Virginia federal court to dismiss case brought by US Justice Department and eight…
Snapchat parent Snap reports user growth, revenues in spite of tough competition, in what may…
Intel shares sag after company shares gloomy revenue predictions, as data centre chip demand hit…
Germany's Tuta Mail says Google broke EU's new DMA rules with March algorithm update that…
US auto safety regulator opens new investigation into adequacy of Tesla Autopilot recall, saying it…