
November 2nd, 2007

Yahoo Messenger, QuickTime top list of most vulnerable Windows apps

Posted by Ryan Naraine @ 8:35 am


Software products marketed by Yahoo and Apple have topped the list of the most vulnerable Windows-based applications in 2007, according to endpoint security vendor Bit9.

The list, available here (registration required), focuses on popular, widely deployed Windows programs that are often very difficult for an IT department to locate or patch and, as Bit9 explains, “represent unexpected and unquantified vulnerabilities in an enterprise IT environment.”


Yahoo’s standalone IM client, which has been riddled with security holes all year, is #1 on the list. The buggy Yahoo Widgets software also makes an appearance at number 9.

Apple’s QuickTime media player and iTunes music download software also feature high on the list.

Strangely, Microsoft does not feature heavily on the Bit9 list. In fact, a Microsoft product appears only once on the list — Windows Live MSN Messenger at #4.

The Bit9 explanation:

The reason most Microsoft software doesn’t make the list is because by now most companies have a pretty good process in place for identifying, patching, and fixing vulnerable Microsoft software. The same cannot be said for apps like Firefox, iTunes, and other packages.

That does make sense but it’s hard to imagine Internet Explorer 6, the world’s most widely used — and heavily targeted — browser, not making an appearance on this list.

I could also make the argument that Microsoft Word, which has struggled with zero-day attacks and multiple code execution holes, should be high on any list of most-vulnerable Windows apps.

Here’s the top-ten from Bit9:

  1. Yahoo! Messenger 8.1.0.239 and earlier
  2. Apple QuickTime 7.2
  3. Mozilla Firefox 2.0.0.6
  4. Microsoft Windows Live (MSN) Messenger 7.0, 8.0
  5. EMC VMware Player (and other products) 2.0, 1.0.4
  6. Apple iTunes 7.3.2
  7. Intuit QuickBooks Online Edition 9 and earlier
  8. Sun Java Runtime 1.6.0_X
  9. Yahoo! Widgets 4.0.5 and previous
  10. Ask.com Toolbar 4.0.2.53 and previous

As I always recommend for Windows users, be sure to scan your system for security holes and apply all the necessary patches. Secunia’s free Web-based software inspector is a great place to start. A downloadable version is also available.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

