Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

BEWARE: Hackers are having a "Field Day" with Software Vulnerabilities


  • Please log in to reply
2 replies to this topic

#1 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:12 PM

Posted 29 August 2014 - 09:07 PM

The top 4 pieces of most commonly used vulnerable 3rd party software in 2012 / 2013 / 2014 are:

    Oracle Java Runtime environment
    Adobe Acrobat Reader
    Adobe Flash Player / Plugin
    Apple Quicktime

Of these 4, the Oracle Java Runtime Environment accounts for 180 registered vulnerabilities alone in 2013.

Full article at:  https://heimdalsecurity.com/blog/slow_software_vulnerability_patching/

 

Have a great day!

:bananas: :bounce:



BC AdBot (Login to Remove)

 


#2 rp88

rp88

  • Members
  • 3,067 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:08:12 PM

Posted 31 August 2014 - 07:17 PM

Glad i got rid of java months back, use chrome for all my pdf needs and don't use quicktime. Flash player isn't so easy though, i use the one within chrome but if i remember rightly it is almost identical to the adobe one.

The worst piece about all this though is that those 4 programs are almost always pre-installed on new machines, such that beginner users would think they are all needed for the system to function and hence won't uninstall/replace them.


Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,916 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:12 PM

Posted 01 September 2014 - 07:01 PM

This is not new.

We at BC have been warning our members for years that older versions of popular software such as Adobe (Acrobat Reader, Flash Player, Shockwave Player), Java, Windows Media Player, Web Browsers are vulnerable to exploits and should be kept updated. There are serious security issues with older versions which can increase the risk of system infection. Infections spread by malware writers and attackers exploiting unpatched security holes or vulnerabilities in older versions. Software applications are a favored target of malware writers who continue to exploit coding and design vulnerabilities with increasing aggressiveness.

The majority of computers get infected from visiting a specially crafted webpage that exploits one or multiple software vulnerabilities. It could be by clicking a link within an email or simply browsing the net, and it happens silently without any user interaction whatsoever.

Web Exploits

Exploit kits are a type of malicious toolkit used to exploit security holes found in software applications...for the purpose of spreading malware. These kits come with pre-written exploit code and target users running insecure or outdated software applications on their computers.

Exploit Kits - Anatomy of an exploit kit.
This vulnerability is covered in several topics.
Answers to common security questions - Best Practices for Safe Computing
How Malware Spreads - How did I get infected
How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users