It was a rough year for software vendors, who seemed to spend as much time releasing patches and updates to their existing products as they did developing new ones. eSecurity Planet details the latest security report from IBM’s X-Force unit and what new tricks malware purveyors have up their sleeves for 2010.
Hackers continued to have great success taking advantage of vulnerabilities in applications, such as Adobe Systems’ Acrobat, and Web browsers from Mozilla and Microsoft to compromise unsuspecting users’ machines or data, according to IBM’s annual X-Force Trend and Risk Report.
That’s in spite of an overall decline in the number of new software vulnerabilities last year, IBM said.
Big Blue’s security research and development group reported that in 2009, the total number of bugs in document readers and multimedia applications surged 50 percent, leading to a dramatic increase in phishing attacks targeting banks and other financial services providers during the second half of the year.
For the year, IBM X-Force researchers identified 6,601 new vulnerabilities, an 11-percent decline from 2008.
Three of the top five malware Web exploits were found in Adobe (NASDAQ: ADBE) PDF files, with the other two found in Adobe’s Flash and a Microsoft ActiveX control that lets users view a Microsoft Office document in Internet Explorer. Adobe in January issued a patch for a critical PDF zero-day vulnerability that hackers were using as a launching pad for a variety of spamming and malware endeavors.
The IBM report found that more than half of the client-side vulnerabilities ranked as either “critical” or “high” in severity affected just four vendors: Microsoft, Adobe, Mozilla, and Apple. On average, vendors managed to patch 66 percent of these documented vulnerabilities, but Apple had the worst patch rate at 38 percent.