Thursday, 22 June 2006
Top Vulnerable Apps List Includes Sun JRE, Firefox & Skype |
| |
|
| |
Bit9 has compiled a list of the top 15 applications with known vulnerabilities. Often running outside of IT’s knowledge or control, these popular applications run undetected by enterprise IT organizations and are difficult to detect and remove. Bit9 says the list was designed to help IT departments regain control over their desktop environments. Each application on the list has the following characteristics:
- It is well-known in the consumer space and frequently downloaded by individuals
- It is not classified as malicious software by enterprise IT organizations
- It contains at least one critical vulnerability registered in the US National Institute of Standards and Technology’s (NIST) official vulnerability database
- It has a severity rating of between 7.0 - 10.0 (high) on the CVSS scoring system
- It relies on the end user, rather than a central administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
“These popular software applications are frequently downloaded to corporate desktops and can present serious risks for enterprise computing environments,” said Dr Todd Brennan, co-founder and CTO at Bit9. “Understanding what software is actually running in your organization across your entire desktop environment is the first step in regaining application control and protecting your corporate infrastructure.”
Five of the top 15 applications with known vulnerabilities are:
- Mozilla Firefox 1.0.7
- Apple iTunes 6.02 & Quicktime 7.0.3
- Skype Internet Phone1.4
- Adobe Acrobat Reader 7.02, 6.03
- Sun Java Run-Time Environment 5.0 Update 3, JRE 1.4.2_08
“Readers will learn how to gain visibility and control of enterprise desktops and laptops to streamline IT, enforce policy compliance, and eliminate unwanted software.
http://www.bit9.com/15apps.html |
| |
|
|
| |
|
|
| |
|
|
| |
|
