Is Internet Explorer emerging as 'sweet spot for hackers?

Security

by CBR Staff Writer| 24 July 2014

IE also remains one of the most exploited products.

The number of Internet Explorer vulnerabilities have increased by more than 100% since 2013, leading to the release of the highest number of security patches in more than a decade during the first six months of 2014.

These were the findings of a new report from Bromium Labs noted. Last year, Oracle's Java was hit with highest malwares and zero day attacks, with several exploit kits having a field day with it.

The report noted: "The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray.

"Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers."

In particular, there were no zero day exploits reported during the first half targeted at Oracle's Java.

Despite being exploited by zero days, Adobe also offered hackers new ways to exploit the Internet Explorer browser.

"Unsurprisingly, all of the zero day attacks targeted end-user applications such as browsers and productivity applications like Microsoft Office," the report added.

"Typically these attacks are launched leveraging users as bait using classic spear-phishing tactics."

Furthermore, hackers created new ways to attack browsers leveraging 'Action Script Spray' to evade Address space layout randomisation (ASLR) and launch several zero day exploits.

The report added: "Much attention was paid to JAVA exploits in 2013 and countermeasures such as disabling Java may have had a role in forcing attackers to switch to new targets this year.

"Regardless of the causes, zero day exploits in JAVA have experienced a recent lull in activity. Time will tell."

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

761 people like this.
2022 people follow this.

Security Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.