Program vulnerabilities make it easier to compromise the system

Oct 2, 2014 14:40 GMT

Computer users in the United States are still running plenty of unpatched software, leaving a door open for cybercriminals to send malware their way, a new report from security company Secunia shows.

All through the third quarter of the year, Secunia collected information about software available on machines with Personal Software Inspector (PSI) installed and compiled it in a country report released on Wednesday.

The document states that, on average, a user has 76 programs installed on the system, and that 10.8% of the third-party applications have not been updated to the latest version even though the developer has made security patches available.

Secunia says that of the 76 programs on the average system, 45 are from third-party vendors, which represents 59% of the total.

Java is still the most unpatched program

The company compiled a top 10 of the software that most exposes computer users in the US to cyber-attacks. Market share and number of unpatched instances were taken into consideration.

Not surprisingly, Java took the top spot, being unpatched in 42% of the cases and with a market share of 66%. The number of vulnerabilities that would offer an attacker a way into the system was a staggering 145.

However, Java is not the software with the highest number of vulnerabilities; Microsoft’s Internet Explorer 11 is, with 218. In its defense, though, it was found to be unpatched in only 11% of the cases, and because of this it took 7th place.

The number of security flaws listed in the report reflects a period of four quarters, between October 2013 and September 2014.

Other software found vulnerable on PCs in the US includes Apple QuickTime, Adobe Reader, VLC media player, iTunes, and Adobe Shockwave Player.

Programs no longer supported are a security risk, too

The report also took into consideration applications that are no longer maintained by their developer, revealing that users were running end-of-life versions of Adobe Flash Player and web browsers on their systems.

Google Chrome 36 and Mozilla Firefox 31 were second in the top 10 list of software no longer receiving security updates, the top place being reserved for version 14 of Flash Player.

“It only takes one vulnerability for a hacker to exploit a user’s system. Just one. We are concerned to see such a high share of users with unpatched and End-of-Life browsers and operating systems,” said Kasper Lindgaard, Director of Research at Secunia.

“We hope that as part of National Cyber Security Awareness month, users will take a moment to make sure their systems are up to date with the most recent program versions and patches,” he added via email.