According to the report from software vulnerability intelligence provider, Secunia Research – now part of Flexera Software - one in 20 applications on private US PCs are end-of-life, 12% of Windows operating systems are unpatched, and for the first time in four consecutive quarters, Oracle Java isn’t topping the list of most exposed programs, with Apple now taking the lead.
Secunia says the number of end-of-Life applications on private US PCs has been between 5% and 6% since Q3 2014, compared to 2013 when the number was between 3% and 4%.
According to Secunia, the problem with end-of-life applications from a security perspective is that the vendors of those applications no longer publish security updates to patch vulnerabilities as they are discovered in the product and, consequently, any vulnerability in an end-of-life application is an open door into any PC on which the application is installed.
“Too many users install and forget. Maintenance of software is not high on the radar of the average computer users, who tend to install whatever application they need to support whatever they need to do. They then tend to leave it sitting in their system, forgetting to uninstall or update it.”
As Secunia report, from Q3 2014 to Q2 2015, Oracle Java topped the list of most exposed applications in the US country reports.
The most exposed applications are ranked by Secunia based on how widespread they are (market share) multiplied by how many of their users have neglected to patch them (Unpatched) even though a patch was available.
Secunia reports that Oracle Java drops down to number four as a result of two factors:
• Oracle 7 went end-of-life in April 2015, and therefore got parked on the end-of-life list, which doesn’t factor in patch status because all end-of-life applications are de facto insecure
• Users are currently migrating to Oracle Java 8, but the 40 percent market share does not bring Oracle Java 8 to the top of the list.
Here’s the key findings in the US Country Report from Secunia:
• 5.5% of applications on the average US PC have reached end-of-life, meaning they are no longer supported by the vendor and do not receive security updates
end-of-lifer Adobe Flash Player 18, which was end-of-life as of September 22, 2015, is found on 80% of the PCs.
• Apple QuickTime 7.x and Apple iTunes 12.x tops the list as the US’ most exposed applications:
QuickTime has a market share of 55% and 18 reported vulnerabilities, 61% of users have not installed the latest updates
iTunes has a market share of 40% and 106 reported vulnerabilities, and 47% of users have not installed the latest updates.
• Other applications in the top 10 include Adobe Reader, Oracle Java 8 and Mozilla Firefox.