IBM Report Labels Apple, Microsoft As Most Vulnerable

IBM has released its X-Force security report which has discovered that the number of disclosed vulnerabilities during the first half of 2010 shot up 36 percent from a year previously.

All told, IBM X-Force analysed and document 4,396 new vulnerabilities in the first half of the year. Leading the way in terms of having the most vulnerabilities is Apple, which accounted for 4 percent of all disclosures. Microsoft is No. 2 on the list, while No. 3 is Adobe Systems, thanks to a surge in issues involving Adobe Reader and Flash Player. In 2009, Adobe was ranked No. 9.

PDF Attacks

“The continued prevalence of the Gumblar – the exploit tool kit/group – is still helping to secure top positions for Adobe products, but PDF and Flash exploits are extremely popular in many other exploit tool kits as well,” an IBM spokesperson said. “An interesting change from the second half of 2009 is that ActiveX has dropped off the top-five list, at least for now … Judging by what we have observed thus far in 2010, it is safe to assume that 2010 will be dominated by PDF exploitation.”

Microsoft far outpaced other operating system vendors in terms of vulnerabilities with critical and high CVSS (Common Vulnerability Scoring System) ratings, accounting for 73 percent of those. In sheer numbers, however, Linux took the No. 1 spot, with Apple coming in at No. 2, according to the report.

Unpatched Bugs

About 55 percent of the vulnerabilities had no vendor-supplied patch at the end of the period, IBM said. Among the top 10 vendors with the most vulnerabilities, Sun Microsystems (Oracle) had the highest percentage of unpatched bugs at 24 percent. Microsoft was second highest with 23.2 percent.

“The leap in vulnerability disclosures relates to organisations taking a greater interest in exploitable software bugs as well as attackers continuing to develop their own infrastructure,” said Tom Cross, manager of IBM’s X-Force Advanced Research Team. “An area that both whitehat and blackhat security researchers are focusing on is automated vulnerability discovery through approaches such as fuzzing. Predicting disclosure increases into the future is going to be tricky for this reason and we may see the occasional plateau or decrease.”

The report also noted that attackers are continuing to make use of JavaScript obfuscation to hide malware. IBM detected a 52 percent increase in obfuscated attacks since 2009.

“Attackers have been using JavaScript to obfuscate web browser attacks for a few years, but X-Force believes that the topic comes up infrequently, yet it continues to be a problem,” Cross said. “With attackers continuing to innovate with JavaScript obfuscation, it is forcing security vendors to innovate [in the areas of] intelligent components and solutions too.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Nvidia Asked SK Hynix To Advance Next-Gen AI Memory Production

SK Hynix says Nvidia chief executive Jensen Huang asked if production of next-gen HBM4 memory…

6 mins ago

Is the Digital Transformation of Businesses Complete?

Digital transformation is an ongoing journey, requiring continuous adaptation, strong leadership, and skilled talent to…

20 hours ago

Craig Wright Faces Contempt Claim Over Bitcoin Lawsuit

Australian computer scientist faces contempt-of-court claim after suing Jack Dorsey's Block and Bitcoin Core developers…

21 hours ago

OpenAI Adds ChatGPT Search Features

OpenAI's ChatGPT gets search features, putting it in direct competition with Microsoft and Google, amidst…

22 hours ago

Google Maps Steers Into Local Information With AI Chat

New Google Maps allows users to ask for detailed information on local spots, adds AI-summarised…

22 hours ago

Huawei Sees Sales Surge, But Profits Fall

US-sanctioned Huawei sees sales surge in first three quarters of 2024 on domestic smartphone popularity,…

23 hours ago