Adobe applications most vulnerable in Q1 2011, beating Microsoft and Oracle

A prominent figure in the computing world made headlines last year for his thoughts on Flash. Simply, "Flash is evil." Of course, Flash either ran poorly on his company's products, or was completely unsupported on others. Despite any motivations or biases, he could be right over Flash being evil - if you consider the amount of critical vulnerabilities the thing attracts. In fact, Adobe's products managed to occupy five of the top ten list of PC vulnerabilities, dominating the list and beating out Microsoft which made up the list last year.

This time around, Microsoft's only entry in the list was a vulnerability in how Microsoft Office OneNote handled URIs. The other three companies were Apple with one advisory of multiple QuickTime holes, two security advisories of multiple Java vulnerabilities in the Java Runtime Environment and the Java Development Kit, and one MIDI-related vulnerability in Winamp. One observation is clear: almost all these advisories address vulnerabilities with products that interact with the Internet or hook into web browsers.

The list was compiled by Kaspersky Lab (via The Inquirer). The top ten application vulnerabilities, with the Secunia advisory ID and the percentage of computers of which the vulnerabilities were detected on, are as follows:

  1. SA 41340: Adobe Reader/Adobe SING "uniqueName" Buffer Overflow Vulnerability (40.78%)
  2. SA 41917: Adobe Flash Player Multiple Vulnerabilities (31.32%)
  3. SA 43267: Adobe Flash Player Multiple Vulnerabilities (24.23%)
  4. SA 43262: Sun Java JDK / JRE / SDK Multiple Vulnerabilities (23.71%)
  5. SA 41791: Sun Java JDK / JRE / SDK Multiple Vulnerabilities (21.62%)
  6. SA 39259: Apple QuickTime Multiple Vulnerabilities (12.16%)
  7. SA 39272: Winamp MIDI Timestamp Parsing Buffer Overflow Vulnerability (9.40%)
  8. SA 31744: Microsoft Office OneNote URI Handling Vulnerability (9.05%)
  9. SA 42112: Adobe Shockwave Player Multiple Vulnerabilities (8.78%)
  10. SA 39272: Adobe Reader / Acrobat Multiple Vulnerabilities (8.18%)
Report a problem with article
Previous Story

Apple: "We have no plans to track our users' locations"

Next Story

TechSpot: Run Chrome OS From a USB Stick or as a Virtual Machine


Commenting is disabled on this article.

nowimnothing said,
Love that Microsoft made the title of this article even though it was the 4th company on the list.....

That's because in the past the arguments were always about how secure a product was in comparison with Microsoft's products. i.e. Apple bragging in their commercials that they were more secure.

Teebor said,
Now theres an accolade to not have, "we have more vulnerabilities than Microsoft"

Maybe in 2005, but as of now, things are really different. This truly points out how different Microsoft is now. The tables have shifted. Sure, Microsoft does some stupid stuff in the present, and Apple and Google as well. However, they've really shaped up their act with secure, high-quality products. Apple has slipped a little, however, and I think that it's been because of all of their success in the past few years. The same thing that is happening to Apple now, happened to Microsoft around ten years ago. I just hope that they can pull through...