Microsoft’s Internet Explorer browser has been the most vulnerable browser, but also the fastest to be fixed.
According to the endpoint exploitation trendsreportfrom Bromium, Internet Explorer received the highest number of patches in the first six months of 2014, while there were no reported zero-day exploits for Java in the first six months of 2014, after it suffered a torrid 2013.
Bromium’s analysis found that the number of vulnerabilities for Internet Explorer have increased by more than 100 per cent since 2013, surpassing JAVA and Flash vulnerabilities. Lamar Bailey, director of security R&D at Tripwire, said: “It is not a surprise that the vulnerabilities have increased. Internet Explorer is probably the most commonly used web browser in the world and therefore it is under the hacker microscope more than others.
“Over the last few years we have seen a trend towards cloud products and services, this has generated a renaissance of new web technologies and features. End-users access these new products and services via web browsers, so as the browsers must be extended to use the new technologies, it is reasonable to conclude that vulnerabilities will exist in these new technologies and browser implementations that are used to access them.”
“End-users remain a primary concern for information security professionals because they are the most targeted and most susceptible to attacks” said Rahul Kashyap, chief security architect at Bromium. “Web browsers have always been a favourite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.”
Penetration tester Robin Wood to
ld IT Security Guru that the figures about Internet Explorer being targeted did not surprise him, as it is the highest used browser and probably the least patched. He said: “The home users who use it by default don’t tend to understand patching,” he said.
“The lack of Java zero-days is surprising, but they have been making it harder to attack over the last few years. I bet there are some out there just not public, being harder to find will drive up the price on both the legitimate and black markets.”