Top Vulnerable Apps List Includes Sun JRE, Firefox & Skype
By Namrata Iyengar
Bit9 has compiled a list of the top 15 applications with known vulnerabilities. Often running outside of IT’s knowledge or control, these popular applications run undetected by enterprise IT organizations and are difficult to detect and remove. Bit9 says the list was designed to help IT departments regain control over their desktop environments. Each application on the list has the following characteristics:
It is well-known in the consumer space and frequently downloaded by individuals
It is not classified as malicious software by enterprise IT organizations
It contains at least one critical vulnerability registered in the US National Institute of Standards and Technology’s (NIST) official vulnerability database
It has a severity rating of between 7.0 - 10.0 (high) on the CVSS scoring system
It relies on the end user, rather than a central administrator, to manually patch or upgrade the software to eliminate the vulnerability, if such a patch exists.
"These popular software applications are frequently downloaded to corporate desktops and can present serious risks for enterprise computing environments," said Dr Todd Brennan, co-founder and CTO at Bit9. "Understanding what software is actually running in your organization across your entire desktop environment is the first step in regaining application control and protecting your corporate infrastructure."
Five of the top 15 applications with known vulnerabilities are:
Mozilla Firefox 1.0.7
Apple iTunes 6.02 & Quicktime 7.0.3
Skype Internet Phone1.4
Adobe Acrobat Reader 7.02, 6.03
Sun Java Run-Time Environment 5.0 Update 3, JRE 1.4.2_08
"Readers will learn how to gain visibility and control of enterprise desktops and laptops to streamline IT, enforce policy compliance, and eliminate unwanted software.
