A new report by Bromium Labs has found Internet Explorer to be one of the most exploited software in 2014. The report suggests that Internet Explorer vulnerabilities have increased more than 100 percent since 2013. Though, users don’t need to fret, as Microsoft has been pushing patches quicker than ever.
In its "Endpoint Exploitation Trends" report, Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014, and found Internet Explorer surpassing Java and Flash vulnerabilities. "Internet Explorer took the cap for historic high number of security patches in over a decade, and that feat was accomplished in the first six months of 2014!"
The report also mentions that Microsoft has stepped up its game at patching the vulnerabilities. Over the last few versions, the company has abridged the patch-delivery duration from IE9’s 90 days, through IE10’s two weeks to just 5 days for its latest IE11 version.
“The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray. Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers".
The report claims that ActionScript Sprays -- a technique to bypass address space layout randomization (ASLR) with a return-oriented program (ROP) chain -- has been driving the zero-day attacks. “End users remain a primary concern for information security professionals because they are the most targeted and most susceptible to attacks” said Rahul Kashyap, chief security architect, Bromium.
“Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.” he added.
It’s noteworthy to mention that Microsoft has had run several bounty programs to weed out vulnerabilities from Internet Explorer. The company remains committed at making its browser more secure than ever. Anyway, Google is yet to find the “bug” in its Chrome browser that is killing your laptop’s battery.
Editor's note: Internet Explorer is the most widely used internet browser worldwide, so of course it will be the target of attacks. Thankfully, Microsoft has made a vast amount of improvements with the latest version of IE -- IE11. So take this into consideration when commenting about this report.
Thanks WallofSheep for the tip!