Internet Explorer most vulnerable browser of 2014: study

26 Jul 2014

Users of Microsoft's Internet Explorer (IE) run the highest risk of being targeted by hackers and cyber criminals, the findings of a new study show.

According to the study, conducted by Bromium Labs,  IE was one of the most exploited web browsers during the first half of 2014.

Bromium Labs' latest study also pointed to Adobe Flash as being the primary target of cyber-criminals, in the half of 2014.

Hackers exploited the popular plugin via 'Zero Day' attacks.

'Zero Day' attacks, are used by cyber criminals to exploit known vulnerabilities that developers failed to address in an application.

"The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray. Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers," Bromium Labs said in its report.

The report said, hackers used an emerging 'Zero Day' attack trend dubbed "Action Script Spray" to attack Internet Explorer.

Action Script Spray techniques allow hackers to launch attacks on Adobe's Flash application, which in turn made IE vulnerable to threat.

Internet Explorer experienced a record number of software vulnerabilities in the first half of 2014, much higher than any other popular program, according to Bromium's analysis of US National Vulnerability Database (NVD) figures.

According to Bromium's figures from the NVD, it looked as if IE's flow of public software flaws had roughly doubled, reaching 133 for the first half of 2014, overtaking the 130 recorded for the whole of 2013.

The same period had seen other browsers such as Chrome and Firefox experience only 50 or so public vulnerabilities, as against nearly 200 for the whole of 2013 for Chrome and 150 for Firefox.

This comes as an unexpected turn of events with IE going from being significantly better than its rivals to being significantly worse.

It had also logged three zero-day flaws thus far in 2014, identical to Firefox, but more than Chrome which had not experienced any.

As for other programs like Adobe's Flash Player and Reader, Microsoft's Office, and Java, Java seemed to be the major winner, recording 50 flaws, about half the rate of 2013.

However, in the backdrop of its previous woeful record it had not experienced a single zero-day issue so far in 2014, having recorded 11 in 2013.