Over 15,000 Vulnerabilities Detected in 2014: Secunia

IT security solutions provider Secunia today published its annual vulnerability review. The report provides facts and details on the security flaws uncovered in 2014.

According to the security firm, a total of 15,435 vulnerabilities were identified in 2014 in 3,870 applications from 500 vendors. This represents an 18 percent increase compared to the previous year, and a 55 percent increase over five years.

Of the total number of flaws detected last year, 11 percent were rated “highly critical” and 0.3 percent were rated “extremely critical.” The percentage of highly critical vulnerabilities decreased compared to 2013 when more than 16 percent of issues were included in this category. A majority of the bugs had patches available on the day they were disclosed, Secunia said.

“While an impressive 83% of vulnerabilities have a patch available on the day of disclosure, the number is virtually unchanged when we look 30 days ahead. 30 days on, just 84.3% have a patch available which essentially means that if it isn’t patched on the day of disclosure, chances are the vendor isn’t prioritizing the issue. That means you need to move to plan B, and apply alternative fixes to mitigate the risk,” said Kasper Lindgaard, Director of Research and Security at Secunia.

This improved time-to-patch rate shows that researchers continue to coordinate their vulnerability reports with vendors, the security firm noted.

The company has determined that the most common attack vector was remote network (over 60 percent), followed by local network, and local system.

As far as zero-day vulnerabilities are concerned, a total of 25 were discovered in 2014, which is a significant increase compared to 2013 when only 14 were reported. Twenty of the zero-days were found in the 25 most popular software applications, including seven in operating systems.

The figures are a bit different when it comes to the top 50 most common applications found on a typical computer. This list consists of 34 products developed by Microsoft, including operating systems, and 16 products from other vendors.

According to Secunia, 18 products from the top 50 portfolio were plagued by a total of 1,348 vulnerabilities in 2014. Nearly 75 percent of these security holes were rated as highly or extremely critical.

Non-Microsoft applications accounted for 77 percent of vulnerabilities. Microsoft applications accounted for 21 percent of vulnerabilities, while the remaining 2 percent plagued the Windows 7 operating system.

The number of vulnerabilities uncovered in the most popular Web browsers (Chrome, Firefox, Internet Explorer, Opera and Safari) was 1,035. This represents a 42 percent increase compared to the previous year. The number of flaws found in Adobe Reader, Foxit Reader, PDF-XChange Viewer, Sumatra PDF and Nitro PDF Reader decreased to 45 (from 70 identified in 2013).

A report released by IBM X-Force earlier this month shows that the company catalogued more than 9,200 vulnerabilities last year. However, CERT/CC has started assigning individual CVE identifiers for each Android application plagued by the same fundamental man-in-the-middle vulnerability. There are roughly 20,000 applications that could be vulnerable.

The complete Secunia Vulnerability Review 2015 is available online.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
