Security Market Segment LS
Wednesday, 28 October 2015 13:37

Unpatched PCs attract hackers in their droves - with Apple in front Featured

Unpatched PCs attract hackers in their droves - with Apple in front Image courtesy of Stuart Miles,

Private PCs are rife with unpatched vulnerable applications from vendors like Apple, Adobe and Oracle, according to a new research report which reveals the state of security for PC users in a total of 14 countries, including the US.

According to the report from software vulnerability intelligence provider, Secunia Research – now part of Flexera Software -  one in 20 applications on private US PCs are end-of-life, 12% of Windows operating systems are unpatched, and for the first time in four consecutive quarters, Oracle Java isn’t topping the list of most exposed programs, with Apple now taking the lead.

Secunia says the number of end-of-Life applications on private US PCs has been between 5% and 6% since Q3 2014, compared to 2013 when the number was between 3% and 4%.

According to Secunia, the problem with end-of-life applications from a security perspective is that the vendors of those applications no longer publish security updates to patch vulnerabilities as they are discovered in the product and, consequently, any vulnerability in an end-of-life application is an open door into any PC on which the application is installed.

“Hackers benefit from users’ failure to uninstall end-of-life applications, as the exploits they wrote for the old versions continue to work and continue to have value on the black market,” said Kasper Lindgaard, Director of Secunia Research at Flexera Software.

“Too many users install and forget. Maintenance of software is not high on the radar of the average computer users, who tend to install whatever application they need to support whatever they need to do.  They then tend to leave it sitting in their system, forgetting to uninstall or update it.”

As Secunia report, from Q3 2014 to Q2 2015, Oracle Java topped the list of most exposed applications in the US country reports.

The most exposed applications are ranked by Secunia based on how widespread they are (market share) multiplied by how many of their users have neglected to patch them (Unpatched) even though a patch was available.

Secunia reports that Oracle Java drops down to number four as a result of two factors:

•    Oracle 7 went end-of-life in April 2015, and therefore got parked on the end-of-life list, which doesn’t factor in patch status because all end-of-life applications are de facto insecure

•    Users are currently migrating to Oracle Java 8, but the 40 percent market share does not bring Oracle Java 8 to the top of the list.

Here’s the key findings in the US Country Report from Secunia:

•    5.5% of applications on the average US PC have reached end-of-life, meaning they are no longer supported by the vendor and do not receive security updates
end-of-lifer Adobe Flash Player 18, which was end-of-life as of September 22, 2015, is found on 80% of the PCs.

•    Apple QuickTime 7.x and Apple iTunes 12.x tops the list as the US’ most exposed applications:
QuickTime has a market share of 55% and 18 reported vulnerabilities, 61% of users have not installed the latest updates
iTunes has a market share of 40% and 106 reported vulnerabilities, and 47% of users have not installed the latest updates.

•    Other applications in the top 10 include Adobe Reader, Oracle Java 8 and Mozilla Firefox.

WEBINAR event: IT Alerting Best Practices 27 MAY 2PM AEST

LogicMonitor, the cloud-based IT infrastructure monitoring and intelligence platform, is hosting an online event at 2PM on May 27th aimed at educating IT administrators, managers and leaders about IT and network alerts.

This free webinar will share best practices for setting network alerts, negating alert fatigue, optimising an alerting strategy and proactive monitoring.

The event will start at 2pm AEST. Topics will include:

- Setting alert routing and thresholds

- Avoiding alert and email overload

- Learning from missed alerts

- Managing downtime effectively

The webinar will run for approximately one hour. Recordings will be made available to anyone who registers but cannot make the live event.



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Peter Dinham

Peter Dinham - retired and is a "volunteer" writer for iTWire. He is a veteran journalist and corporate communications consultant. He has worked as a journalist in all forms of media – newspapers/magazines, radio, television, press agency and now, online – including with the Canberra Times, The Examiner (Tasmania), the ABC and AAP-Reuters. As a freelance journalist he also had articles published in Australian and overseas magazines. He worked in the corporate communications/public relations sector, in-house with an airline, and as a senior executive in Australia of the world’s largest communications consultancy, Burson-Marsteller. He also ran his own communications consultancy and was a co-founder in Australia of the global photographic agency, the Image Bank (now Getty Images).



Recent Comments