The most exploited vulnerabilities tend to be in Adobe Reader and Internet Explorer, but a rising target for exploits is Java, according to a report to be released on Wednesday by M86 Security Labs.
Of the 15 most exploited vulnerabilities observed by M86 Security Labs during the first half of this year, four involved Adobe Reader and five involved Internet Explorer, the lab wrote in its latest security report for January through June 2010.
Also on the Top 15 list were vulnerabilities affecting Microsoft Access Snapshot Viewer, Real Player, Microsoft DirectShow, SSreader, and AOL SuperBuddy. Most of the exploits observed had been first reported more than a year earlier and were addressed by vendors, "highlighting the need to keep software updated with the latest versions and patches," the report said.
More Java-based vulnerabilities have been actively exploited, reflecting attackers' attraction to Java's popularity and broad install base. In the most common attack scenario, browsers visiting a legitimate Web site are redirected by a hidden iFrame or JavaScript to a malicious Web page that hosts a malicious Java applet, according to the report.
"Java is the next low-hanging fruit for attackers," says Marc Maiffret, chief technology officer at eEye Digital Security.
Meanwhile, attackers are finding new ways to dodge malware detection mechanisms, the M86 report concluded. "Over the last few months, we have observed a new technique of code obfuscation that combines JavaScript and Adobe's ActionScript scripting language," which is built into Flash, the report said.

