Researchers at Moscow-based security vendor Kaspersky Lab put out a quarterly malware report listing the top 10 vulnerabilities in files and programs that are left unpatched. What made this particular list interesting was who was left off it – namely Microsoft.
According to Kaspersky, for the first time ever Microsoft was not among the vendors to appear on its top 10 vulnerabilities list.
The same could not be said for Apple, however, whose QuickTime and iTunes programs were both included.
In the third quarter of this year, a total of 30,749,066 vulnerable programs and files were detected on computers of Kaspersky Security Network (KSN) users, with an average of eight different vulnerabilities detected on each affected computer. The two most frequently exploited vulnerabilities were in Oracle Java, accounting for 35 per cent and 21.70 per cent of affected computers respectively.
The Top 10 includes five spots going to Adobe’s Flash, Reader/Acrobat, and Acrobat. Apple’s QuickTime and iTunes came in at sixth and seventh place, with vulnerabilities showing up on 13.8 per cent and 11.7 per cent of computers respectively.
Here is the Top 10:
1. Oracle Java (20.08.2012)
2. Oracle Java (31.08.2012)
3. Adobe Flash Player (25.09.2012)
4. Adobe Flash Player (11.01.2012)
5. Adobe Reader (11.01.2012)
6. Apple QuickTime (23.08.2012)
7. Apple iTunes (10.07.2012)
8. Winamp AVI (03.08.2012)
9. Adobe Shockwave Player (14.08.2012)
10. Adobe Flash Player (09.11.2010)
Kaspersky said that any of the Top 10 vulnerabilities can jeopardize a computer’s security because they all allow cybercriminals to gain full control of the system using exploits. Microsoft did not appear on the Top 10 vulnerabilities list for the first time ever, primarily because the automatic updates mechanism in recent versions of Windows has been well developed.
More than half (57 per cent) of all malware detected on smartphones was SMS Trojans – malicious programs that steal money from victims’ mobile accounts by sending SMS messages to premium rate numbers.
However, the latest data reveals that SMS Trojans are gradually being replaced by more sophisticated and versatile data-accessing and data-stealing Trojans and malicious programs, which accounted for a combined 36 per cent of Android malware in Q3 2012.
In Q3 2012, Java vulnerabilities were used in more than half of all attacks (56 per cent). According to Oracle, different versions of this virtual machine are installed on over 1.1 billion computers, and because updates for Java software are installed on demand rather than automatically, there is a longer shelf-life for vulnerabilities. Java vulnerabilities continue to be a favourite of cybercriminals, as Java exploits are easy to use under any Windows version, and with some additional work by cybercriminals, cross-platform exploits can easily be created.