toggle

AAPL Stock: 109.89 ( + 2.17 )

Printed from http://www.macnn.com

Researchers: Silverlight now more vulnerable than Java, Flash

updated 10:22 pm EDT, Tue May 20, 2014

Microsoft's browser extension has less public awareness of malware attacks

Microsoft's web video and interactive cross-platform content plugin Silverlight is coming under increasing volume of attacks from hackers as of late, according to security reports. As the public awareness of Java and Flash flaws is increasing, Cisco's security researchers are finding an increasng number of systems affected by attacks focused on exploits of Microsoft's Silverlight, as users aren't aware of the increasing proliferation of malware for the platform, or even that they have the plug-in installed.

Cisco's researchers say that "Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft's life cycle schedule suggests Silverlight 5 will be supported through October 2021," making users of the plug-in numerous, and vulnerable.

The analysts go on to say that a particular malware campaign they looked at "uses a Silverlight file to trigger the same CVE-2013-3896 vulnerability, but packages the exploit differently and attempts obfuscation through AES encryption." The CVE-2013-3986 exploit was patched in January, but a large percentage of Silverlight users install the package and never update it, with some installs being years out of date.

Microsoft has bug mitigation programs in place, however, Silverlight does not self-update - and is often installed surreptitiously as part of other installs, such as Microsoft Office. Levi Gundert, technical lead from the Cisco researchers say that the security firm expects "these existing Silverlight exploits to proliferate through other exploit pack families in the near future as threat actors copy code from each other and release updates."




by MacNN Staff

POST TOOLS:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

Follow us on Facebook

toggle

Most Popular

Advertisement

Recent Reviews

Blue Yeti Studio

Despite being very familiar with Blue Microphones' lower-end products -- we've long recommended the company's Snowball line of mics ...

ZTE Spro 2 Smart Projector

Home theaters are becoming more and more accessible these days, but maybe you've been a bit wary about buying a home projector. And h ...

MSI Geforce GTX 970 100ME

When Nvidia announced a new line of video cards in September 2014, many people thought things would continue to be business as usual i ...

toggle

Most Commented