None of 10 top malware vulnerabilties are in Microsoft products

One of the most interesting factoids in the latest quarterly malware update from Kaspersky Lab is that not one of the top ten malware vulnerabilities are in a single software product from Microsoft.

Just as interesting, is that all of them are in products from only two companies, but 90% of them are in products from a single software producer.

Times have changed since the early 2000s, when dominant software producer Microsoft also dominated the most vulnerable software product rankings.

In the second quarter of 2011, Adobe and Oracle are responsible for the software products with the top ten vulnerabilities.

Naming Oracle is somewhat misleading, however, as the Kaspersky report is really pointing to Java, which is now technically owned by Oracle since its acquisition of Sun Microsystems.

But Java accounts for only one of the top ten vulnerabilities, so public software enemy number 1 these days is really Adobe.

Adobe is paying the same price as Microsoft did over a decade ago for producing some of the most widely-installed software products.

Another surprising factoid from the Kaspersky report is that seven of the top ten vulnerabilities are in a single product from Adobe, and it is not Acrobat or Reader.

The single Adobe product with 70% of the top malware vulnerabilities, for the second quarter of 2011 at least, is Adobe Flash Player.

Adobe, like Microsoft, has had to get its skates on fast to improve the security of its products, turning in fact to Microsoft for help and adapting for its use Microsoft’s security development lifecycle (SDL) and resulting in the X generation of products that are more secure.

Adobe has just released a clutch of security updates, including Flash Player, and judging from the Kaspersky report, there has never been a better time than now to ensure your Adobe product patches are up to date.

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close