Printed from http://www.electronista.com

Researchers: Silverlight now more vulnerable than Java, Flash

updated 10:22 pm EDT, Tue May 20, 2014

Microsoft's browser extension has less public awareness of malware attacks

Microsoft's web video and interactive cross-platform content plugin Silverlight is coming under increasing volume of attacks from hackers as of late, according to security reports. As the public awareness of Java and Flash flaws is increasing, Cisco's security researchers are finding an increasng number of systems affected by attacks focused on exploits of Microsoft's Silverlight, as users aren't aware of the increasing proliferation of malware for the platform, or even that they have the plug-in installed.

Cisco's researchers say that "Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft's life cycle schedule suggests Silverlight 5 will be supported through October 2021," making users of the plug-in numerous, and vulnerable.

The analysts go on to say that a particular malware campaign they looked at "uses a Silverlight file to trigger the same CVE-2013-3896 vulnerability, but packages the exploit differently and attempts obfuscation through AES encryption." The CVE-2013-3986 exploit was patched in January, but a large percentage of Silverlight users install the package and never update it, with some installs being years out of date.

Microsoft has bug mitigation programs in place, however, Silverlight does not self-update - and is often installed surreptitiously as part of other installs, such as Microsoft Office. Levi Gundert, technical lead from the Cisco researchers say that the security firm expects "these existing Silverlight exploits to proliferate through other exploit pack families in the near future as threat actors copy code from each other and release updates."



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Life n Soul BM211 Bluetooth speaker

Bluetooth speakers aren't only for listening to some music at the park or on a long bus ride, but can also be built with tablets in mi ...

Epson PowerLite Home Cinema 2030 projector

With high-definition televisions now the standard, 4K televisions becoming the next big thing, and plasma TVs going the way of the din ...

Life n Soul 8 Driver Bluetooth headphones

When it comes to music on the go, consumers generally have some options to consider when looking for the best experience. While Blueto ...

Sponsor

toggle

Most Commented

 
toggle

Popular News