toggle

AAPL Stock: 132.54 ( + 1.15 )

Printed from http://www.macnn.com

Researchers: Silverlight now more vulnerable than Java, Flash

updated 10:22 pm EDT, Tue May 20, 2014

Microsoft's browser extension has less public awareness of malware attacks

Microsoft's web video and interactive cross-platform content plugin Silverlight is coming under increasing volume of attacks from hackers as of late, according to security reports. As the public awareness of Java and Flash flaws is increasing, Cisco's security researchers are finding an increasng number of systems affected by attacks focused on exploits of Microsoft's Silverlight, as users aren't aware of the increasing proliferation of malware for the platform, or even that they have the plug-in installed.

Cisco's researchers say that "Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft's life cycle schedule suggests Silverlight 5 will be supported through October 2021," making users of the plug-in numerous, and vulnerable.

The analysts go on to say that a particular malware campaign they looked at "uses a Silverlight file to trigger the same CVE-2013-3896 vulnerability, but packages the exploit differently and attempts obfuscation through AES encryption." The CVE-2013-3986 exploit was patched in January, but a large percentage of Silverlight users install the package and never update it, with some installs being years out of date.

Microsoft has bug mitigation programs in place, however, Silverlight does not self-update - and is often installed surreptitiously as part of other installs, such as Microsoft Office. Levi Gundert, technical lead from the Cisco researchers say that the security firm expects "these existing Silverlight exploits to proliferate through other exploit pack families in the near future as threat actors copy code from each other and release updates."




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

Notti smart lamp from Witti

Perhaps you've already seen our review of the Dotti LED display from Witti Design. Meet Notti, Dotti's "sibling". Notti is a softb ...

Seagate Personal Cloud (2-Bay)

When it comes to backing up files, many users are now looking to the myriad of cloud storage solutions available. There is no doubt th ...

Leitz Icon Label Printer

When you say the words "label printer" to people, they either just really don't care, or they get incredibly excited. This is one o ...

toggle

Most Commented