Internet Explorer vulnerabilities have increased more than 100 percent since 2013
Bromium Labs today issued its "Endpoint Exploitation Trends" report that shows Internet Explorer set a record high for reported vulnerabilities in the first half of 2014, and also leads in publicly reported exploits.
According to Bromium, "Internet Explorer took the cap for historic high number of security patches in over a decade, and that feat was accomplished in the first six months of 2014!" It's not all bad news for users of Internet Explorer though. While the browser was easily the most exploited tool, Microsoft has been reacting much quicker to plug vulnerabilities. The company took more than 90 days to release its first patch for IE9, yet IE11’s first critical patch emerged just five days after the new browser was generally available.
Bromium says "In the first half of 2014, the growth in zero day exploitation continued unabated from 2013. Unsurprisingly, all of the zero day attacks targeted end-user applications such as browsers and productivity applications like Microsoft Office. Typically these attacks are launched leveraging users as bait using classic spear-phishing tactics. The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray. Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers".
Adobe Flash joins Internet Explorer as one of the most targeted products, with Action Script Sprays among the new techniques used to exploit it. Java, despite its notorious reputation, had no reported zero day exploitations in the first half of 2014, although that might be partially down to users taking action and disabling it, forcing attackers to switch their attentions elsewhere.
"End users remain a primary concern for information security professionals because they are the most targeted and most susceptible to attacks" said Rahul Kashyap, chief security architect, Bromium. "Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently".
The full report is available here.