Bit9 unveiled its report of the top applications with reported security vulnerabilities in 2010.
Google Chrome placed first on the “Dirty Dozen” list, followed by Apple Safari and Microsoft Office. Apple and Adobe are the most represented companies with three applications each making this year’s list.
The report represents a “who’s who” of venerable tech companies and the applications most popular with enterprises and consumers alike, and contradicts the perception that Apple software is the most secure. The “Dirty Dozen” list ranks applications by the number of reported “high severity” vulnerabilities that impacted end users during 2010, and includes the following:
1. Google Chrome (76 reported vulnerabilities)
2. Apple Safari (60)
3. Microsoft Office (57)
4. Adobe Reader and Acrobat (54)
5. Mozilla Firefox (51)
6. Sun Java Development Kit (36)
7. Adobe Shockwave Player (35)
8. Microsoft Internet Explorer (32)
9. RealNetworks RealPlayer (14)
10. Apple WebKit (9)
11. Adobe Flash Player (8)
12. Apple QuickTime (6) and Opera (6) – TIE
In most cases, vendors on the list have issued patches to repair identified vulnerabilities. The enterprise is still at risk because the end user is often responsible for implementing the patch. Enterprise IT teams must monitor their endpoints to ensure patches have been properly applied.
Enterprises and government agencies that do not have application controls in place are not able to protect against the zero-day attacks in which no patches or fixes exist.