Friday, December 18, 2009

The Year's Most-Hacked Software

At the beginning of this decade, Microsoft represented a cybercriminal's dream target: universally used software, brimming with bugs ready to be exploited to hijack users' PCs. But as the software giant has slowly cleaned up its security flaws, hackers are looking toward another vendor whose products are nearly as ubiquitous and whose bounty of vulnerabilities is just being discovered: Adobe.

According to Verisign's bug tracking division iDefense, 45 bugs in Adobe's Reader software were found by either cybersecurity researchers or malicious hackers this year and patched. In 2008, iDefense found 14 Reader bugs, double the number in 2007.

Apple Quicktime 

Apple and its adherents like to boast that their machines are immune from malicious software. But that relative security comes from low market share, not careful coding. Quicktime's bugs show that Apple's coders have no silver bullet for writing secure browser plugins; 26 bugs were found in Quicktime this year. That's down from the 36 found last year, but still far more than the three found in Windows Media Player.

Microsoft Office

Cybersecurity researchers warn that targeted attacks, aimed at specific companies or individuals rather than an indiscriminate trawl of the Web, are on the rise. While Adobe Reader remains the widest avenue for those attacks, many use Microsoft Office applications: an infected PowerPoint, Excel or Word document attached to an e-mail can seem trustworthy and exploit a bug to plant malicious software on the machine of whoever opens the file. iDefense tracked 41 bugs found in Microsoft Office this year, down from 44 last year.


Despite hackers' attention shifting largely to browsers and browser plugins, the operating system is still a major target. That's partly because Windows vulnerabilities can be exploited without the user actually doing anything. The Conficker worm, for instance, spread to 7 million PCs at last count in October without requiring a user to visit a Web site, open an attachment or do anything else other than leave their computer running. Qualys chief technology officer Wolfgang Kandek says that "wormable" quality to Windows bugs means they remain his top priority.

Adobe Flash

Less exploited than Adobe Reader, but still high on cybersecurity researchers' lists of most-often hacked programs this year, was Adobe's Flash. Eleven vulnerabilities were found in the program this year, down from 19 last year. Those vulnerabilities have the potential to be dangerous, given that a Flash animation or video playing on a Web site requires no interaction with the user to infect and compromise his or her machine with malicious software.

Mozilla Firefox 

As Firefox has gained market share--now nearly 25% of users browse the Web with the open-source program--it's also gained attention from hackers, both the friendly and unfriendly kind. Researchers and cybercriminals found 102 bugs in Firefox this year, up from 90 last year. That high number shouldn't be compared directly with the 30 bugs found in 2009 in IE, given that Firefox is an open-source program and Mozilla publicly reveals all its bug finds. But the trend toward more vulnerabilities rather than fewer doesn't bode well.

Internet Explorer

With around 65% market share and a complex code base with no shortage of bugs, IE remains a huge target for hackers. A browser bug can allow so-called "drive-by downloads," putting malicious software on the machine of a user who merely visits a site set to infect them. But Microsoft has conscientiously improved its security procedures to minimize publicly known bugs. Hackers and security researchers found 30 bugs in IE this year, the same number as last year and down dramatically from the 49 found in 2007.

Adobe Reader

When we asked cybersecurity researchers to name the most hacked software of 2009, many said Adobe has in many ways replaced Microsoft as the top target for hackers and the top concern for cybersecurity. Security firm iDefense tracked 45 bugs in the Adobe Reader program this year, up from 14 in 2008 and seven in 2007. That's because Reader is a universally used program with a wide base of potential victims. But it's also because the program's code base is complex: Reader can run JavaScript to enable animations and dynamic charts in PDFs. That means plenty of bugs, and the access to local memory necessary to exploit them and compromise a victim's PC.

The cybersecurity industry often puts the blame for malicious software infection on users who open suspicious attachments or don't use antivirus software. But there's another factor in practically every cyber attack: The buggy software whose vulnerability allows an attacker to compromise the user's computer. We polled researchers at Qualys, Tipping Point, iDefense and Veracode to create a list of the software they consider the most often hacked this year.
