Sponsored By

Adobe apps top list of most vulnerable of the year

Adobe applications took another hit today with the dubious distinction of being ranked as the most vulnerable applications of 2009 -- this on the heels of a zero-day attack on Adobe Acrobat and Reader that was revealed yesterday.

The Top Vulnerable Applications for IT 2009 report by Bit9 is based on the National Institute of Standards and Technology's database, and many of the applications on the list are those typically downloaded by end users without knowledge or approval of their IT departments.

"These popular applications are frequently downloaded to laptops and desktops by users and can present unnecessary security risk to IT and business operations," said Tom Murphy, chief strategy officer for Bit9, in a statement.

Adobe's Acrobat, Flash Player, Reader, and Shockwave were at the top of the list, with vulnerabilities that were labeled as "high" by NIST. Their vulnerabilities allowed everything from remote code execution, memory corruption, and denial-of-service to application-crashing.

Also on the list of most vulnerable apps of the year are Apple Quicktime, Mozilla Firefox, Opera, RealPlayer, Sun Java, and Trillian. The list encompasses applications that run on Windows, are frequently downloaded by individuals, and are not considered malicious by IT organizations or security vendors, according to Bit9. Apps on the list also had to contain one critical vulnerability and cannot be automatically updated with enterprise updates from Microsoft or other sources. These are apps that must be patched or upgraded to fix a bug by the end user himself, according to Bit9.

NIST's vulnerabilty database can be found here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights