Is Internet Explorer emerging as ‘sweet spot for hackers?

The number of Internet Explorer vulnerabilities have increased by more than 100% since 2013, leading to the release of the highest number of security patches in more than a decade during the first six months of 2014.

These were the findings of a new report from Bromium Labs noted. Last year, Oracle’s Java was hit with highest malwares and zero day attacks, with several exploit kits having a field day with it.

The report noted: "The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray.

"Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers."

In particular, there were no zero day exploits reported during the first half targeted at Oracle’s Java.

Despite being exploited by zero days, Adobe also offered hackers new ways to exploit the Internet Explorer browser.

"Unsurprisingly, all of the zero day attacks targeted end-user applications such as browsers and productivity applications like Microsoft Office," the report added.

"Typically these attacks are launched leveraging users as bait using classic spear-phishing tactics."

Furthermore, hackers created new ways to attack browsers leveraging ‘Action Script Spray’ to evade Address space layout randomisation (ASLR) and launch several zero day exploits.

The report added: "Much attention was paid to JAVA exploits in 2013 and countermeasures such as disabling Java may have had a role in forcing attackers to switch to new targets this year.

"Regardless of the causes, zero day exploits in JAVA have experienced a recent lull in activity. Time will tell."

Sign up for our regular news round-up!

Give your business an edge with our leading Tech Monitor

Sign up