Dealing with Application Security Vulnerabilities
Cybersecurity
SHARE
Facebook X Pinterest WhatsApp

Dealing with Application Security Vulnerabilities

Written By
Brian Prince
Brian Prince
Dec 17, 2009
2 minute read
eWeek content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

Applications vulnerabilities are the honey bringing attackers out of their hives.

According to an analysis by Bit9, released Dec. 16, this year’s list of applications with the most serious vulnerabilities had Adobe Reader, Acrobat, Flash Player and Shockwave at the top. For IT administrators, the findings are a reminder of the importance of keeping track of vulnerable endpoints.

“Operating systems have been a focus point of security research over the last 10 years and have improved significantly,” said Wolfgang Kandek, CTO of Qualys. “The importance of keeping systems up-to-date is clear to most IT administrators. Applications have not followed the same pattern and are now a simpler target for attackers, which are opportunistic in their behavior.”

As a whole, the NIST (National Institute of Standards and Technology) database shows vulnerabilities in Adobe Systems applications jumped from 66 in 2008 to 99 in 2009, noted Kate Munro, director of product marketing at Bit9. More than 70 of this year’s Adobe vulnerabilities were rated “high,” she added.

In many cases, the responsibility of deploying patches falls on the shoulders of users and IT administrators. In the workplace, administrators need to know programs are on their networks’ computers in order to exercise control, Munro said.

“To achieve this, they need to do a live inventory of all the software on their endpoints,” she said. “This establishes a baseline. From there they can create an application control policy that defines what is acceptable, safe and approved to run for the company. It can be a policy or ‘whitelist’ for individuals or for group of users at their company.”

Administrators should focus on applications in this order: Adobe Reader, Adobe Flash, Microsoft Office, Sun Java and Apple QuickTime, Kandek opined.

“Attackers have realized that the installed base of Adobe software (Reader and Flash) is very big, potentially bigger than the Windows installed base … Adobe’s new structured process is helpful, but we still need to deal with the old installed and outdated software base that will not get updated without major work. [A] Firefox plug-in checker is a good first step, but we will need more cooperation between OS vendors and application providers,” he said.
Brian Prince
eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

facebook
linkedin
youtube
rss
x

Company

About us Contact us Advertise with us

Categories

Latest News Resources Artificial Intelligence Video Big Data & Analytics Cloud Networking

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information