In 2015, security researchers from Secunia detected 16,081 vulnerabilities in 2,484 software applications from 263 different vendors.
This represents a 2% increase compared to 2014, and a 39% rise compared to 2010. The real numbers are bound to be higher if we take into account all currently available software: Secunia admits the research included far fewer vendors than in previous years, and also scanned fewer applications.
What Secunia's staff discovered was that during the past year, most of the detected bugs were categorized as less critical (45.6%), moderately critical bugs accounted for 25.5%, highly critical bugs for 13.3%, and only 0.5% of detected bugs were extremely critical.
More than half of security bugs can be exploited via the Internet
What's dangerous though is that 57% of these bugs could be exploited from a remote network, 35% from the local network, while only a small percentage (8%) required the attacker to launch his exploits from the victim's computer.
Most vulnerabilities were found in Google Chrome (516), followed by Adobe Flash (457), Adobe Air (306), Mozilla Firefox (254), Microsoft Internet Explorer (197), Microsoft Windows 7 (144), Adobe Reader (133), Apple iTunes (130), Oracle Java JRE (81), and Microsoft Excel (52).
As for zero-day vulnerabilities, as mentioned above, despite the smaller number of scanned applications and vendors, Secunia managed to find 23 zero-day bugs, three more than in 2014.
Browsers patch vulnerabilities in less than a month
More troubling is the fact that Secunia discovered 1,114 vulnerabilities in the five most popular browsers in 2015. With most of today's technology revolving around the Internet, browser bugs are becoming as dangerous as OS-level issues.
But Secunia also noticed a good thing about browser vulnerabilities, and that is the fact that browser vendors are among the quickest to issue patches when a security flaw is discovered.
In the past two years, Secunia has seen that it takes browser vendors less than 30 days to issue a patch, from the moment a vulnerability is detected to when an update is available for download.