M86 Security Labs released a list of the top 15 most observed vulnerabilities for the first half of 2010 and, surprise-surprise, Adobe Acrobat & Adobe Reader (No. 1) and Microsoft Internet Explorer (No. 2) took the top two spots.
Taking the top spots wasn't enough: Adobe Reader and Microsoft IE overachieved (underachieved?) by claiming nine out of the 15 slots, with four of them belonging to Adobe and five to Microsoft.
The list also indicates a growing focus on exploiting Java-based vulnerabilities.
"Java is the next low-hanging fruit for attackers," says Marc Maiffret, chief technology officer at eEye Digital Security.
Perhaps inconceivable just a few short years ago, it now seems inevitable that Microsoft's Internet Explorer browser won't hold onto its market share lead forever, and could fall to Firefox within the next 24 months or so. We say this because IE has been trending backwards in market share numbers, at least up until now.
Microsoft can breathe a sigh of relief in June, even if only for one month. For the first time in a long time, the world's most popular browser (in market share) increased its usage, stopping what's long been a slow, albeit steady decline. According to Web analytics firm Net Applications, IE's usage numbers inched upwards in June from 59.8 percent to 60.3 percent. While promising, Microsoft knows not to read too much into this.
"We certainly don't judge our business on just two months of data, but the direction here is encouraging," said Ryan Gavin, senior director of business and marketing for Internet Explorer.
Meanwhile, Mozilla's Firefox browser slid backwards from 24.3 percent to 23.8 percent. And don't take your eyes off of Google's Chrome browser, which rose from 7.0 percent to 7.2 percent from May to June. Still settling in at fourth place, Apple's Safari browser climbed from 4.8 percent to 4.9 percent, while Opera declined ever-so-slightly from 2.4 percent to 2.3 percent.
Microsoft tomorrow will issue 10 security bulletins to address 34 security vulnerabilities found in Windows, Office, and Internet Explorer, the Redmond outfit announced. Three of the bulletins have been rated as "Critical," meaning the flaws they address could allow an attacker to take full control of the affected machine, while the remaining seven are listed as "Important," the second-highest rating in Microsoft's four-point scale ("Moderate" and "Low" being the remaining two).
This is a large update that will give IT admins plenty to do this week. All three critical vulnerabilities affect all Windows OS versions, including XP, Vista, Windows 7, and Windows Server 2008, as well as several versions of Internet Explorer.
What exactly all these security fixes will address hasn't yet been disclosed, though six of them deal with Remote Code Execution, three with Elevation of Privilege, and one addresses a Tampering vulnerability. Two of the updates -- including one ranked as Critical -- will require a system restart, while the remaining eight may require rebooting, Microsoft said.
Because everyone uses the Internet in a different way, there’s no such thing as a one-size-fits-all browser. The feature set one person needs might be too little or too much for another person. Extensions for browsers like Firefox and Chrome go a long way toward solving this problem, but installing and managing extensions is a pain, and can be an overly complicated solution to often-simple problems.
That’s where bookmarklets come in.
Microsoft has kicked off a new campaign that likens Internet Explorer 6 to old milk. The quirky comparison is Microsoft's not-so-subtle way of telling users that its dated browser has expired and it's time to go shopping for a new one.
"So why use a 9-year-old browser?," a page on Microsoft's Australia portal reads. "When Internet Explorer 6 was launched in 2001, it offered cutting-edge security -- for the time. Since then, the Internet has evolved and the security features of Internet Explorer 6 have become outdated.
"With the latest state-of-the-art security features, Internet Explorer 8 is designed to cope with today's modern cyber crime. In fact, research proves it."
Microsoft goes on to reference a browser study by NSS Labs in which IE8 caught socially engineered malware 85 percent of the time compared to Firefox 3's 29 percent, Safari 4's 29 percent, and Chrome's 17 percent.
IE6's market share has steadily declined since Windows 7 came out, which ships with IE8. According to Net Applications, IE6 now claims 17.6 percent of the browser market, down from 25.3 percent nine months ago.
Dating back to even before Netscape Navigator bit the dust, Microsoft's Internet Explorer has been the top dog in browsers, at least in terms of overall market share. But as competitors begin to close the gap, is it too early to begin talking about IE's demise?
eWeek certainly doesn't think so; the publication posted 10 compelling reasons why Internet Explorer's dominance is coming to an end. Chief among them is the European Union, which has been a costly thorn in Microsoft's side (and wallet), most recently forcing the Redmond software maker to include a browser ballot in Windows.
According to eWeek, however, should IE fall from its throne, Microsoft can't just point the finger elsewhere. Ranking No. 2 on eWeek's list is Microsoft's complacency, something that was most evident in the time between IE 6 and IE 7. Microsoft has since picked up the pace, but even so, it seems as though Microsoft is usually playing catch-up with other browser makers rather than blazing a trail of its own.
A lack of features, both in quantity and in implementation, Chrome's rise in popularity, and increasingly tech savvy users are among some of the other reasons eWeek sees IE falling faster than the Dallas Mavericks come playoff time.
Google's Chrome browser has really been on a roll the last few months, and April was no exception according to numbers from Net Applications. The internet analytics firm said Chrome saw a 0.6% increase in usage share over the previous month. Chrome now sits at 6.7% market share. On the other side of things, we have Internet Explorer and Firefox, to whom the month of April was not as kind.
Internet Explorer saw another steep decline of 0.7%, dropping it just below 60% market share for the first time since AOL ruled the interwebs. Firefox was technically up last month, but only by 0.07% to 24.6%. That magical one-quarter market share is just ever so slightly out of reach.
It's clear that IE users are moving to other browsers, but it looks like they're moving to Chrome in larger numbers. Add to that a few Firefox users migrating to Chrome, and you have a bleak picture for anyone that isn't The Big G. Where do you come down in the browser wars?
Few could have guessed at the time of release 8 years ago that Internet Explorer 6 would turn out to be such a resilient browser, but here we are on the heels of IE9 and IE6 is still going strong, even against the warnings of security experts and Microsoft itself.
According to a recent study conducted by Chitika, a search-targeted advertising solutions firm, IE6 ranked fourth among all browsers, claiming 13 percent of usage during peak business hours. What this means is that IE6 is being used while at work, between the hours of 5AM and 2PM CST. After hours, however, the usage number drops to 6 percent of all Web traffic, Chitika noted.
"It almost looks like individual Internet users are more tech-advanced at home than the IT departments where they work," said Alden DoDrosario, Chitika's CTO, in a statement. "It's crazy to think that people whose job description revolves around employees having secure ways to browse the Web would keep IE6 alive, while these same employees go home to more secure browsers."
The same pattern holds true when broken down on a day-by-day basis. During the week, IE6 remains the fourth most used browser, and then loses nearly half of its market share to Firefox and IE8 during the weekend, Chitika says.
A handful of hackers will leave CanSecWest's security show a little richer than when they arrived after participating in the annual Pwn2Own contest. Charlie Miller, for example, won $10,000 for hacking Safari on a MacBook Pro without having physical access to the rig. You may recall that Miller, a principal security analyst at Independent Security Evaluators, walked away with $5,000 last year for exploiting a hole in Safari, and $10,000 for hacking a MacBook Air in 2008.
Safari wasn't the only software to fall. Peter Vreugdenhil won $10,000 for hacking Microsoft's Internet Explorer 8 browser, while Nils, head of research at UK-based MWR InfoSecurity, collected the same amount for exploiting Firefox on 64-bit Windows 7 (Nils declined to provide his last name).
Ralf-Philipp Weinmann and Vincenzo Iozzo will share a $15,000 prize for hacking Apple's iPhone. They did so with an exploit written two weeks ago designed to steal the contents of the SMS database.
"The payload executes and uploads the local SMS database of the phone to the server we control," Weinmann said.
The big news in browser development today is that Microsoft made a series of announcements surrounding its upcoming Internet Explorer 9 at MIX10. Chief among them is that the IE9 Platform Preview is now available for public consumption, but that's really just the tip of the iceberg.
"Internet Explorer 9 enabling GPU-accelerated HTML5 is a milestone for visual computing," said Drew Henry, general manager of GeForce and ION GPU business unit at Nvidia. "By harnessing the power of Nvidia GPUs, Internet Explorer 9 removes the glass ceiling for Web developers, enabling them to build graphically rich, high-performing Web applications."