For the first six months of this year Internet Explorer (IE) vulnerabilities hiked more than 100 percent over last year, new research found.
In addition, researchers from Bromium Labs found public Java Zero Days are on the decline. Last year, Java led among vulnerabilities and public exploits, but this trend reversed this year. In the first six months of 2014, there has not been a single public Java exploit.
The researchers also discovered action script spray drives Zero Day attacks. Internet Explorer and Flash Zero Day attacks have leveraged action script sprays, a technique that bypasses address space layout randomization (ASLR) with a return-oriented program (ROP) chain.
“End users remain a primary concern for information security professionals because they are the most targeted and most susceptible to attacks” said Rahul Kashyap, chief security architect, Bromium. “Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently.”
Click here for more details on the report.