http://gcn.com/articles/2010/07/19/adobe-reader-and-microsoft-ie-top-security-concerns.aspx By Kurt Mackie GCN.com July 19, 2010 The majority of Internet security threats come from unpatched vulnerabilities in Adobe Acrobat/Reader and Microsoft's Internet Explorer browser, according to an industry study. Those two programs topped a list of the "15 most observed vulnerabilities" on the Web, according to M86 Security's "Security Labs Report: January-June 2010 Recap," released this week. The vulnerabilities persist even though Adobe and Microsoft have issued fixes for the flaws. Some users apparently haven't applied the patches, which date back to 2006 in one case. Topping the list of commonly unpatched vulnerabilities is the Adobe Acrobat/Reader "CollectEmailInfo" flaw, for which a patch was issued in 2008. Next is the "deleted object event handling process" flaw in Internet Explorer, which had a patch issued this year. An "RDS ActiveX" flaw in Microsoft Internet Explorer ranks third on the list, even though a patch was issued in 2006. All told, according to report, Microsoft Internet Explorer constituted five of the top 15 vulnerabilities, while Adobe Reader represented four of the top 15 vulnerabilities. M86 Security's complete list of vulnerabilities can be found in the report here (PDF download). [...] _________________________________________________________________ Attend Black Hat USA 2010, hosted at Caesars Palace in Las Vegas, Nevada July 24-29th, offering over 60 training sessions and 11 tracks of Briefings from security industry elite. To sign up visit http://www.blackhat.comReceived on Mon Jul 19 2010 - 22:24:57 PDT
This archive was generated by hypermail 2.2.0 : Mon Jul 19 2010 - 22:29:41 PDT