Unpatched Apps Riskier than Malware

Bit9: Unpatched Apps Riskier than Malware

Bit9, of Cambridge, Mass., on June 20 released a list of 15 widely deployed applications with critical vulnerabilities that go unnoticed in enterprise IT organizations and urged businesses to clamp down on the use of out-of-date software.

The Bit9 list includes versions of several mainstream products—Mozilla Firefox, Apple’s iTunes and QuickTime, Skype, Adobe Acrobat Reader and Sun JRE (Java Runtime Environment)—that contain critical, code-execution vulnerabilities.

The company said the list is limited to applications that are well-known in the consumer space and are frequently downloaded by employees, often without the approval of IT departments.

“[They] rely on the end user, rather than a central administrator, to manually patch or upgrade the software to eliminate the vulnerability,” the company said in its advisory, noting that network administrators have no control over whether the vulnerable versions of the software are updated.

For example, Firefox 1.0.7 contains multiple security flaws that range from memory corruption to buffer overflows. [Read.On]