Bromium Labs analyzed public vulnerabilities and exploits from the first six months of 2014. The research determined that Internet Explorer vulnerabilities have increased more than 100 percent since 2013, surpassing Java and Flash vulnerabilities.
Researchers established that:
Hackers increasingly target Internet Explorer – Analysis indicates that Microsoft Internet Explorer vulnerabilities have increased more than 100 percent since 2013, a trend underscored by a progressively shorter time to first patch for its past two releases.
Public JAVA zero-days decline – In 2013, Java led among vulnerabilities and public exploits, but this trend has reversed in 2014. In fact, in the first six months of 2014, there has not been a single public JAVA exploit.
Action Script Spray drives zero-day attacks – Both Internet Explorer and Flash zero-day attacks have leveraged Action Script Sprays, an emerging technique that bypasses address space layout randomization (ASLR) with a return-oriented program (ROP) chain.
“End users remain a primary concern for information security professionals because they are the most targeted and most susceptible to attacks” said Rahul Kashyap, chief security architect, Bromium. “Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.”
The complete report is available here.