Bromium Labs today released their report on the cyber-attack landscape in the first half of 2014. Microsoft Internet Explorer had the highest number of reported vulnerabilities and also of publicly reported exploits. As the most used browser in the market, Internet Explorer was the most patched and most exploited product in 2014. They also reported that Internet Explorer 11 was released late last year and that security patches for it seem to have emerged rather quickly compared to its predecessors.
Almost all Internet Explorer memory corruption exploits now use ROP (Return-Oriented Programming) techniques, the de facto method for bypassing the default operating system security mechanisms (ASLR, DEP). Also, both of the IE zero-day exploits leveraged the ‘Action Script Spray’ technique to bypass ASLR.
You can download the full report here.