internet security tHreAt rePOrt GOVernMent 2013
internet security tHreAt rePOrt GOVernMent 2013
internet security tHreAt rePOrt GOVernMent 2013
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
p. 147<br />
Symantec Corporation<br />
Internet Security Threat Report <strong>2013</strong> :: Volume 18<br />
VULNERABILITy TRENDS<br />
Data<br />
Figure D.7. Browser Plug-in Vulnerabilities in 2011 and 2012<br />
Source: Symantec<br />
120<br />
100<br />
80<br />
60<br />
40<br />
20<br />
ADOBE ACROBAT<br />
READER<br />
ADOBE<br />
FLASH<br />
ACTIVE X<br />
APPLE<br />
QUICKTIME<br />
Commentary<br />
• In 2012, 312 vulnerabilities affecting browser plug-ins were<br />
documented by Symantec, a very slight increase compared<br />
to 308 vulnerabilities affecting browser plug-ins in 2011.<br />
• ActiveX vulnerabilities increased in 2012, which may be due<br />
to the increase in Internet Explorer vulnerabilities.<br />
• Adobe Flash Player and Java vulnerabilities increased in<br />
2012. This trend was already visible in 2011 and grew again.<br />
This is also reflected in the vulnerability usage in attack<br />
toolkits, which have focused around Adobe Flash Player,<br />
Adobe PDF Reader, and Java in 2012.<br />
FIREFOX<br />
EXTENSION<br />
ORACLE<br />
SUN JAVA<br />
2011 2012<br />
Symantec identified the<br />
following plug-in technologies<br />
as having the most reported<br />
vulnerabilities in 2012:<br />
• Adobe Reader<br />
• Adobe Flash Player<br />
• Apple QuickTime<br />
• Microsoft ActiveX<br />
• Mozilla Firefox extensions<br />
• Oracle Sun Java Platform<br />
Standard Edition (Java SE)