Jump to content

Flash Accounted for All Top 10 Vulnerabilities Used by Exploit Kits in 2015

Starbuck
 Share

Recommended Posts

  • ExTS Admin
Starbuck Newbie

Starbuck

Posted
  • ExTS Admin
Posted

http://img.photobucket.com/albums/v708/starbuck50/flash-accounted-for-all-top-10-vulnerabilities-used-by-exploit-kits-in-2015-503387-2_zps2sffu7ca.jpg

 

In the past year, exploit kit makers have switched from targeting Java security flaws to exclusively exploiting weaknesses in the Adobe Flash Player, a recent report from the NTT group shows.

 

The security firm claims that all of the top 10 vulnerabilities targeted by exploit kits during 2015 were Flash flaws. According to historical records kept by the NTT Group, 2015 was the first year when exploit kits used more Flash flaws compared to Java, which almost disappeared from exploit kits altogether.

 

This change in trends comes after Java was 2012, 2013, and 2014's most targeted technology via exploit kit vulnerabilities. Besides Flash, in 2015, the second and third most targeted technologies were Internet Explorer and Microsoft Windows.

 

The reason behind this trend is because of the massive security updates Java received in 2014 which made exploitation much difficult. Hackers turned their focus on Flash, which saw four zero-days in 2015 only from the Hacking Team data breach alone.

 

Symantec also recorded a high number of Adobe Flash zero-days

 

A similar report released by Symantec two weeks ago also confirms this trend. Symantec says that Flash vulnerabilities accounted for 17 percent of all zero-days in 2015, with four of the top five most used zero-days in 2015 belonging to Flash.

 

With so much material to work with and with Java's extremely hard-to-bypass security features and dwindling market share, it is to no surprise that Flash usage in exploit kits has grown so much.

 

The security upgrades that contributed to Java's downfall from exploit kit ****nals are the click-to-play feature and Oracle's decision to block unsigned applets by default.

 

In order, the top 10 Flash vulnerabilities used in exploit kits last year are as follows: CVE-2015-0311, CVE-2015-5119, CVE-2015-5122, CVE-2015-0359, CVE-2015-0313, CVE-2015-2419, CVE-2015-3090, CVE-2015-3113, CVE-2015-0336, CVE-2015-7645, and CVE-2015-3105.

 

For more details on exploit kits and other security topics, you can download NTTs 74-page 2016 Global Threat Intelligence Report

 

http://img.photobucket.com/albums/v708/starbuck50/flash-accounted-for-all-top-10-vulnerabilities-used-by-exploit-kits-in-2015-503387-4_zpsv5duj65l.png

Technology targeted in exploit kits

 

 

Source:

http://news.softpedia.com/news/flash-accounted-for-all-top-10-vulnerabilities-used-by-exploit-kits-in-2015-503387.shtml

Member of:

UNITE

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...