Posted by: Tony Bradley
The Web used to be just one more thing you do on a PC, and the browser was just one more application. It has since evolved into the central hub of productivity and computing activity on the PC, on smartphones, and on tablets. An attacker who wants to target the largest possible pool of potential victims will try to use the browser as the entry point.
I recently wrote a white paper about the risks and concerns of browser security, and how a free tool from Qualys, BrowserCheck, can help you manage that risk and minimize your exposure to attack. Here is an excerpt from the paper:
Whether you’re using Internet Explorer, Firefox, Chrome, or Safari, the major Web browsers all have systems in place to automate keeping them up to date. Some businesses prefer to manage the process themselves rather than let the browser update itself, in order to avoid potential conflicts or disruptions, but even in those situations they do a fair job of patching and updating the browser itself.
The problem is that there are other elements associated with the browser that may be forgotten or overlooked. As the browsers themselves have adopted more proactive patching and updating practices, the battle lines have shifted, and attackers have focused their efforts on new targets.
Vulnerable add-ons, extensions, and plug-ins may get lost in the shuffle and provide an Achilles heel attackers can use to compromise PCs. High-profile browser plug-ins, such as Java or Adobe Flash, are frequently the weak link in browser security, but more obscure add-ons are even less likely to be properly maintained and updated.
Qualys found that 82 percent of the systems it monitored have Java installed, and that more than a third of those systems have a vulnerable, outdated version of Java. Adobe Flash was found on 67 percent of the tested PCs, and nearly a quarter of those were vulnerable.
Oracle and Adobe have been kept very busy in recent months, scrambling to deal with zero-day vulnerabilities being exploited in the wild. It seems as quickly as patches and updates are released, attackers start targeting a new unknown flaw and the cycle starts all over again.
Clearly, businesses and consumers need help to keep up with the frantic pace and to make sure these plug-ins and add-ons are patched.
To read the full white paper, click here: Keep your PCs safe while surfing the Web.