Adobe apps top list of most vulnerable of the year
December 16, 2009
Adobe applications took another hit today with the dubious distinction of being ranked as the most vulnerable applications of 2009 -- this on the heels of a zero-day attack on Adobe Acrobat and Reader that was revealed yesterday.
The Top Vulnerable Applications for IT 2009 report by Bit9 is based on the National Institute of Standards and Technology's database, and many of the applications on the list are those typically downloaded by end users without knowledge or approval of their IT departments.
"These popular applications are frequently downloaded to laptops and desktops by users and can present unnecessary security risk to IT and business operations," said Tom Murphy, chief strategy officer for Bit9, in a statement.
Adobe's Acrobat, Flash Player, Reader, and Shockwave were at the top of the list, with vulnerabilities that were labeled as "high" by NIST. Their vulnerabilities allowed everything from remote code execution and memory corruption to denial of service and application crashes.
Also on the list of most vulnerable apps of the year are Apple QuickTime, Mozilla Firefox, Opera, RealPlayer, Sun Java, and Trillian. The list encompasses applications that run on Windows, are frequently downloaded by individuals, and are not considered malicious by IT organizations or security vendors, according to Bit9. Apps on the list also had to contain one critical vulnerability and could not be automatically updated with enterprise updates from Microsoft or other sources. These are apps that must be patched or upgraded to fix a bug by the end user himself, according to Bit9.
NIST's vulnerability database can be found here.