Report: Microsoft Internet Explorer Was The Most Patched And Also One Of The Most Exploited Products In 2014

Bromium Labs today released their report on cyber-attack landscape in the first half of 2014. Microsoft Internet Explorer had the most number of reported vulnerabilities and also in the publicly reported exploits. As the most used browser in the market,Internet Explorer was the most patched and most exploited product in 2014. They also reported that Internet Explorer 11 was released late last year and security patches seem to have emerged rather quickly, compared to its predecessors.

Almost all Internet Explorer memory corruption exploits now use de facto ROP (Return Oriented Programming) techniques for bypassing the default Operating System security mechanisms (ASLR, DEP). Also, both the IE zero days exploits leveraged ‘Action Script Spray’ technique to bypass ASLR.

You can download the full report here.

via: Betanews

  • Bugbog

    As I really don’t want to read a security report, it would have been nice if you could have broken down the exploits by version, as I sincerely doubt that IE11 was the most exploited browser this year.

    • hushv

      Exactly my thought.

    • Duk3togo

      I can see it being the most exploited, just by the fact it’s used by 60% of the people. Chrome, safari and Firefox market share is so small individually that even if 75% of that browser was exploited it wouldn’t come close to 10% of IE exploits. Bah they need to give me percentage and numbers for all browsers to actually give a hoot.

      • Tips_y

        I was about to post a comment but you said it better than I could so to you: +1

        • Duk3togo

          LOL thx and a +1 the gesture…