Zero-Day Vulnerabilities Nearly Double in 2014Zero-Day Vulnerabilities Nearly Double in 2014
Zero-day vulnerabilities nearly doubled last year to 25 up from 14 in 2013. That's according to a new report from IT security software provider Secunia that looks at vulnerabilities. Here are the details about what else the report shows.
March 25, 2015
Zero-day vulnerabilities nearly doubled last year to 25 up from 14 in 2013. That’s according to a new report from IT security software provider Secunia.
The Microsoft (MSFT) Internet Explorer exploit used in Operation Clandestine Fox, Heartbleed and CCS Injection were three zero-day vulnerabilities that affected both managed service providers (MSPs) and their customers in 2014.
What’s more, the report shows that 80 percent of all zero-day vulnerabilities were discovered in the 25 most popular products (Microsoft applications, non-Microsoft applications and operating systems).
Other Secunia findings included:
In 2014, 15,435 security vulnerabilities were discovered in 3,870 products from 500 vendors.
1,348 security vulnerabilities were discovered in 18 products in the top 50 most popular applications on private PCs.
1,035 security vulnerabilities were found in the five most popular web browsers: Google Chrome, Mozilla Firefox, Internet Explorer, Opera and Safari.
45 security vulnerabilities were found in the five most popular PDF readers: Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF Reader.
The number of security vulnerabilities rose 18 percent year over year and 55 percent over the past five years. Also, the number of vulnerable products increased 22 percent year over year.
So how can MSPs help customers eliminate security vulnerabilities? Kasper Lindgaard, Secunia’s director of research and security, pointed out that businesses need “to stay on top of their environment.”
“IT teams need to have complete visibility of the applications that are in use, and they need firm policies and procedures in place, in order to deal with the vulnerabilities as they are disclosed,” he said in a prepared statement.
The annual “Secunia Vulnerability Review” provides global data on the prevalence of security vulnerabilities.
Full “Secunia Vulnerability Review 2015” results are available for download here.
About the Author(s)
You May Also Like