IBM Report Labels Apple, Microsoft As Most Vulnerable

IBM has released its X-Force security report which has discovered that the number of disclosed vulnerabilities during the first half of 2010 shot up 36 percent from a year previously.

All told, IBM X-Force analysed and document 4,396 new vulnerabilities in the first half of the year. Leading the way in terms of having the most vulnerabilities is Apple, which accounted for 4 percent of all disclosures. Microsoft is No. 2 on the list, while No. 3 is Adobe Systems, thanks to a surge in issues involving Adobe Reader and Flash Player. In 2009, Adobe was ranked No. 9.

PDF Attacks

“The continued prevalence of the Gumblar – the exploit tool kit/group – is still helping to secure top positions for Adobe products, but PDF and Flash exploits are extremely popular in many other exploit tool kits as well,” an IBM spokesperson said. “An interesting change from the second half of 2009 is that ActiveX has dropped off the top-five list, at least for now … Judging by what we have observed thus far in 2010, it is safe to assume that 2010 will be dominated by PDF exploitation.”

Microsoft far outpaced other operating system vendors in terms of vulnerabilities with critical and high CVSS (Common Vulnerability Scoring System) ratings, accounting for 73 percent of those. In sheer numbers, however, Linux took the No. 1 spot, with Apple coming in at No. 2, according to the report.

Unpatched Bugs

About 55 percent of the vulnerabilities had no vendor-supplied patch at the end of the period, IBM said. Among the top 10 vendors with the most vulnerabilities, Sun Microsystems (Oracle) had the highest percentage of unpatched bugs at 24 percent. Microsoft was second highest with 23.2 percent.

“The leap in vulnerability disclosures relates to organisations taking a greater interest in exploitable software bugs as well as attackers continuing to develop their own infrastructure,” said Tom Cross, manager of IBM’s X-Force Advanced Research Team. “An area that both whitehat and blackhat security researchers are focusing on is automated vulnerability discovery through approaches such as fuzzing. Predicting disclosure increases into the future is going to be tricky for this reason and we may see the occasional plateau or decrease.”

The report also noted that attackers are continuing to make use of JavaScript obfuscation to hide malware. IBM detected a 52 percent increase in obfuscated attacks since 2009.

“Attackers have been using JavaScript to obfuscate web browser attacks for a few years, but X-Force believes that the topic comes up infrequently, yet it continues to be a problem,” Cross said. “With attackers continuing to innovate with JavaScript obfuscation, it is forcing security vendors to innovate [in the areas of] intelligent components and solutions too.”

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

3 hours ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

6 hours ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

8 hours ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

23 hours ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

1 day ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

1 day ago