Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

5/6/2016
11:00 AM
Jai Vijayan
Jai Vijayan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail

The 10 Worst Vulnerabilities of The Last 10 Years

From the thousands of vulns that software vendors disclosed over the past 10 years, a few stand out for being a lot scarier than the rest.
1 of 11

1 of 11
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
nathanwburke
50%
50%
nathanwburke,
User Rank: Author
5/9/2016 | 12:05:52 PM
Re: OS vulnerabilities
It's a good point you raise about Mac vulnerabilities. Macs are certainly increasing in the enterprise, yet security products have been largely windows-centric. With attackers looking for a way in to gain access to other data on the network, a macbook without the same protection as the windows machines would be an attractive target. 
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
5/9/2016 | 9:14:01 AM
Re: OS vulnerabilities
@Ryan: Plus, only in the past few years have people even started to pay much attention to Apple platform security.  For years, as Apple's market share was relatively tiny, people -- including attackers -- didn't care much.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
5/9/2016 | 7:45:29 AM
Shellshock and Heartbleed
As they were not too long ago I know all to well the scramblings behind trying to remediate these two major vulnerabilities. They were so well publicized that non-security sides of the organization were inquiring about the patching efforts.
RyanSepe
50%
50%
RyanSepe,
User Rank: Ninja
5/9/2016 | 7:41:56 AM
Re: OS vulnerabilities
Yes, I think you will start to see this as more of a commonality with the increasing Mac footprint in the market. It hasn't quite extended over to the corporate side as fast as it has from a personal perspective but regardless Mac is definitely becoming more prevalent then before. With that comes more code for the OS and more opportunities for open holes.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
5/8/2016 | 12:03:07 PM
OS vulnerabilities
It's one thing to look at the past ten years in a single lump, but it's also worth noting that many more vulnerabilities are being found for Apple OS's than Microsoft OS's these days.

Case in point: informationweek.com/ios-security-reports-say-no-iphone-is-safe/a/d-id/1319750
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
10 iOS Security Tips to Lock Down Your iPhone
Kelly Sheridan, Staff Editor, Dark Reading,  5/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-5537
PUBLISHED: 2020-05-25
Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.
CVE-2020-13438
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid read in jfif_encode in jfif.c.
CVE-2020-13439
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c.
CVE-2020-13440
PUBLISHED: 2020-05-24
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.
CVE-2020-13433
PUBLISHED: 2020-05-24
Jason2605 AdminPanel 4.0 allows SQL Injection via the editPlayer.php hidden parameter.