
Internet Explorer vulnerabilities have increased more than 100 percent since 2013


geeteam


Bromium Labs today issued its "Endpoint Exploitation Trends" report that shows Internet Explorer set a record high for reported vulnerabilities in the first half of 2014, and also leads in publicly reported exploits.


According to Bromium, "Internet Explorer took the cap for historic high number of security patches in over a decade, and that feat was accomplished in the first six months of 2014!" It's not all bad news for users of Internet Explorer though. While the browser was easily the most exploited tool, Microsoft has been reacting much quicker to plug vulnerabilities. The company took more than 90 days to release its first patch for IE9, yet IE11’s first critical patch emerged just five days after the new browser was generally available.


Bromium says "In the first half of 2014, the growth in zero day exploitation continued unabated from 2013. Unsurprisingly, all of the zero day attacks targeted end-user applications such as browsers and productivity applications like Microsoft Office. Typically these attacks are launched leveraging users as bait using classic spear-phishing tactics. The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray. Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers".


Adobe Flash joins Internet Explorer as one of the most targeted products, with Action Script Sprays among the new techniques used to exploit it. Java, despite its notorious reputation, had no reported zero day exploitations in the first half of 2014, although that might be partially down to users taking action and disabling it, forcing attackers to switch their attentions elsewhere.


"End users remain a primary concern for information security professionals because they are the most targeted and most susceptible to attacks" said Rahul Kashyap, chief security architect, Bromium. "Web browsers have always been a favorite avenue of attack, but we are now seeing that hackers are not only getting better at attacking Internet Explorer, they are doing it more frequently".


Full Report Here




These vulnerabilities are in their DNA

& of course... they won't change



A percentage is out of 100.

So it cannot increase by more than 100%, so it's b.s.



A percentage is out of 100.

So it cannot increase by more than 100%, so it's b.s.

That's not how numbers work. A percent increase is relative to the initial value. If I have 10 eggs (100%) and later receive a 200% increase in the number of eggs I have, I am left with 30 (100% + 200% = 300% = 3 times as many eggs) eggs.

http://en.wikipedia.org/wiki/Percentage#Percentage_increase_and_decrease



% is out of 100.

If you wish to believe it's not then I suggest you go speak to a Math academic, ohh he is writing to you now.

Increase would be doubled.

10 eggs could be anything from 0.00000000000000001 % of eggs in the basket, to 100% of eggs in the basket, 1.

So a basket with 10 eggs is 100% full, so it would be with a googol amount or 2, or 4, 13, 56 etc.

Increase, is doubled (2 fold) tripled (3 fold) quadrupled (4 fold) etcetera.

Edited by LeeSmithG


MidnightDistortions

Going over 100% just indicates they are going over the initial idea that there is more than 100% from the original numbers. They could factor in the new numbers within 100% but to avoid confusion of whether the new numbers were factored in they increase the percentage so people know that the new numbers were factored into the equation. You can't add any more than 100% to a cellphone because there is a fixed amount of energy you can put into the phone, so it can't ever go above 100% (maybe a little bit depending on build) it's similar to a hard drive, you can say that exactly 50GB is at 100% but they add extra to the drive for drive error so when you first get the drive it could be at 101% for an example because extra bytes are included but then you have Windows method of byte calculation so it would seem you would only get 96%. If you changed the battery capacity in your phone (higher mAh) that would originally be at 100% your phone you would most likely get a 20% increase so now your phone has 120% battery life, but the phone may still read it at 100% because it recalculates in a 0-100% range.

Which means when tests were done for vulnerability issues it may have originally been around 60% or so but instead of recalculating the tests to 100% they just added the new percentage on top of the old one making the vulnerabilities increase over the originally thought 60% increase. Such as if you thought you had the maximum number of eggs 10 in a basket and managed to get 20 more in that would be a 200% increase of eggs because they were using the same formula, 10 eggs = 100% and saw 200% increase from the 20 eggs thus making it 300%.



As I said before, 100% is all that exists, 200%, 300%......10,000,000,000,000% is not right.

Percentage, % is calculated out of 100.

It's like saying, that 200% exists is like saying there are 120 seconds in a minute.

The Chicken came first not the egg, b.t.w., a female and male Chicken (a cock bird and a hen) came first and they produced eggs, then they hatched and produced more hens.

Also note, you cannot sweat like a Pig, as pigs do not sweat.

Further, when a tubby person says, they don't understand why they are getting fat, as they eat like a Bird.

Go watch a Bird, all they do is eat.

So Charlie Brown, you cannot have anything greater than 100% or anything less than 0%.

Phone numbers or anything that contains a zero is not an 'o', so a house number is 110 not 11o, nor is a telephone number o1622 o45 o66.

I also do not like being called Sir, I find that patronising.

I hope you forgive me for my moments of madness.



MidnightDistortions

lol

I'm not sure if you are assuming that a full cup of water at 100% can't go any higher because you're unable to add any more water. Obviously with a full cup of water you can't add any more. Change the factors such as making the cup bigger to add 10 or 20% of the original capacity thus you have 120% of water because you added 20% to the predetermined thought that you can only at 100% (or 20oz) of water. 100% doesn't tell you the capacity of the water because 100% is variable. They could tell us the actual numbers of how many vulnerabilities such as 120 and found 30 more but for some reason or another they decide to use % instead of the actual numbers. Either way adding over 100% is just adding on top of an originally calculated percentage. If you want to find out the 0-100% calculation I guess just ask the person who wrote the article/did the findings because people will continue to add onto an originally thought 0-100%. It's not wrong, it's just that they are not using the 0-100% law that you can't add any more than 100%, you have to recalculate it to factor into the 0-100% standard.



Internet Explorer proved to be the most useful browser of my life - when I used it to . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . download Firefox. ^_^
