Detected Vulnerabilities on Rise: Report

Friday, March 27, 2015 @ 05:03 PM gHale

Over this past year 15,435 vulnerabilities ended up identified in 3,870 applications from 500 vendors, according to research from security firm Secunia.

This represents an 18 percent increase compared to the previous year, and a 55 percent increase over five years.

Insider Threat a Security Imperative
Mobile App Security Weak: Report
Zero Days Galore
Incidents Down; APTs on Rise

Of the total number of flaws detected last year, 11 percent rated “highly critical” and 0.3 percent rated “extremely critical.”

The percentage of highly critical vulnerabilities decreased compared to 2013 when more than 16 percent of issues were in this category. A majority of the bugs had patches available on the day they ended up disclosed, Secunia said.

“While an impressive 83 percent of vulnerabilities have a patch available on the day of disclosure, the number is virtually unchanged when we look 30 days ahead,” said Kasper Lindgaard, director of research and security at Secunia. “30 days on, just 84.3 percent have a patch available which essentially means that if it isn’t patched on the day of disclosure, chances are the vendor isn’t prioritizing the issue. That means you need to move to plan B, and apply alternative fixes to mitigate the risk.”

This improved time-to-patch rate shows that researchers continue to coordinate their vulnerability reports with vendors, Secunia officials said.

The company found the most common attack vector was remote network (over 60 percent), followed by local network, and local system.

As far as Zero Day vulnerabilities go, 25 ended up discovered in 2014, which is a significant increase compared to 2013 when there were 14 reported. Twenty of the Zero Days were in the 25 most popular software applications, including seven in operating systems.

The figures are a bit different when it comes to the top 50 most common applications found on a typical computer. This list consists of 34 products developed by Microsoft, including operating systems, and 16 products from other vendors.

Secunia said 18 products from the top 50 portfolio ended up plagued by 1,348 vulnerabilities in 2014. Nearly 75 percent of these security holes rated as highly or extremely critical.

Non-Microsoft applications accounted for 77 percent of vulnerabilities. Microsoft applications accounted for 21 percent of vulnerabilities, while the remaining 2 percent plagued the Windows 7 operating system.

The number of vulnerabilities uncovered in the most popular Web browsers (Chrome, Firefox, Internet Explorer, Opera and Safari) was 1,035. This represents a 42 percent increase compared to the previous year. The number of flaws found in Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF Reader decreased to 45 (from 70 identified in 2013).

Click here to register for the Secunia Vulnerability Review 2015.

Leave a Reply

You must be logged in to post a comment.