IE Browser of Choice for Attacks

Thursday, July 24, 2014 @ 06:07 PM gHale


For the first six months of this year Internet Explorer (IE) vulnerabilities hiked more than 100 percent over last year, new research found.

In addition, researchers from Bromium Labs found public Java Zero Days are on the decline. Last year, Java led among vulnerabilities and public exploits, but this trend reversed this year. In the first six months of 2014, there has not been a single public Java exploit.

RELATED STORIES
Patch Tuesday for Internet Explorer
Breach Alert: Critical Infrastructure at 70%
Data Breaches: Not Learning from History
Sounding Off on Internet of Things

The researchers also discovered action script spray drives Zero Day attacks. Internet Explorer and Flash Zero Day attacks have leveraged action script sprays, a technique that bypasses address space layout randomization (ASLR) with a return-oriented program (ROP) chain.

“End users remain a primary concern for information security professionals because they are the most targeted and most susceptible to attacks” said Rahul Kashyap, chief security architect, Bromium. “Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.”

Click here for more details on the report.



Leave a Reply

You must be logged in to post a comment.