Adobe accounts for 65% of Zero Day Vulnerabilities

The Symantec Internet Threat Study indicates that in 2014, there were 24 Zero day vulnerabilities as compared to 23 in 2013.

zeroday_vulnerabilities_2014

Zero-day vulnerabilities are vulnerabilities against which the vendor has not released a patch. The absence of a patch  presents a threat to organizations and consumers alike, because in many cases this type of threat can evade purely signature-based detection techniques used by Anti malware software until a patch is released.

The zero day vulnerabilities if found by the fraudsters, will be exploited by them more easily than otherwise.  Some times the vendors come to know of the vulnerabilities but are unable to release a patch and for fear of reputation and business loss remain silent and  not announce the presence of unpatched vulnerabilities. This makes them complicit to the frauds that occur and should make them legally liable if law takes its normal view on such “negligence”.

When a Cyber Insurer has provided a liability insurance, he is also at a great disadvantage when Zero day vulnerabilities are exploited since security professionals may find it difficult to counter threats targeting such vulnerabilities.

The Study lists the 24 Zero day vulnerabilities found in 2014 and it is observed that 16 of them relate to Adobe. It includes vulnerabilities in Adobe Flash player as well as Reader. Microsoft accounts for 7 and the other is on Linux.

The study notes that their data base has over 62300 vendors of whom 62400 recorded vulnerabilities have been found.  It also states that the top 5 vulnerabilities were exploited for a combined period of 295 days during the year highlighting the risks that we are facing.

Naavi

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law Education institution. He now has been focusing on the projects such as Secure Digital India and Cyber Insurance
This entry was posted in Cyber Law. Bookmark the permalink.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.