SANS: No Safety From Vulnerabilities
IE vulnerabilities still abound, but Apple, Mozilla and Real Player users have little to gloat about.
There were 422 newly reported Internet security vulnerabilities in the second quarter of 2005, according to the SANS Institute. The number represents a 20 percent year-over-year and an 11 percent quarterly increase in reported vulnerabilities.
SANS' quarterly update of the top 20 list of Internet vulnerabilities, released Monday, identifies the most critical of the 422 that resulted in widespread damage to both enterprise and home users. Six different vendors made the list, including Microsoft, Mozilla, Apple, Real Networks, Computer Associates and Veritas.
Rohit Dhamankar, editor of the SANS Top 20, noted on a morning conference call that the issues with backup software products from Computer Associates and Veritas were particularly worrisome.
Backup software may just be the tip of the iceberg in terms of new attacks being waged against critical management applications.
''In the future we can expect to see more flaws being targeted against such class of products like management software and even licensing software,'' Dhamankar said.
Another trend noted by SANS is the increasing number of client-side vulnerabilities, such as those appearing in Microsoft Internet Explorer and Mozilla Firefox, as well as Apple iTunes and Real Networks' Real Player.
''Two of the products that people have been moving to to protect themselves had vulnerabilities,'' Alan Paller, director of research for SANS Institute said. "Firefox and Mozilla browsers had multiple vulnerabilities this quarter and Apple -- the company that people think of as the safe haven -- had two separate updates fixing multiple security vulnerabilities.
''So as you can see there are no safe havens,'' Paller added.