toggle

AAPL Stock: 122.15 ( -0.84 )

Printed from http://www.macnn.com

Researchers: Silverlight now more vulnerable than Java, Flash

updated 10:22 pm EDT, Tue May 20, 2014

Microsoft's browser extension has less public awareness of malware attacks

Microsoft's web video and interactive cross-platform content plugin Silverlight is coming under increasing volume of attacks from hackers as of late, according to security reports. As the public awareness of Java and Flash flaws is increasing, Cisco's security researchers are finding an increasng number of systems affected by attacks focused on exploits of Microsoft's Silverlight, as users aren't aware of the increasing proliferation of malware for the platform, or even that they have the plug-in installed.

Cisco's researchers say that "Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft's life cycle schedule suggests Silverlight 5 will be supported through October 2021," making users of the plug-in numerous, and vulnerable.

The analysts go on to say that a particular malware campaign they looked at "uses a Silverlight file to trigger the same CVE-2013-3896 vulnerability, but packages the exploit differently and attempts obfuscation through AES encryption." The CVE-2013-3986 exploit was patched in January, but a large percentage of Silverlight users install the package and never update it, with some installs being years out of date.

Microsoft has bug mitigation programs in place, however, Silverlight does not self-update - and is often installed surreptitiously as part of other installs, such as Microsoft Office. Levi Gundert, technical lead from the Cisco researchers say that the security firm expects "these existing Silverlight exploits to proliferate through other exploit pack families in the near future as threat actors copy code from each other and release updates."




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

15-inch MacBook Pro with Force Touch

Apple's 15-inch Retina MacBook Pro continues to be a popular notebook with professional users and prosumers looking for the ultimate ...

Typo keyboard for iPad

Following numerous legal shenanigans between Typo -- a company founded in part by Ryan Seacrest -- and the clear object of his physica ...

Entry-level 27-inch Retina iMac

The 27-inch Apple iMac with 5K Retina display is already one of the best value-for-money Macs that Apple has ever released. It was som ...

toggle

Most Commented