Vulnerability Overview 2011: Opera on horseback, Adobe at risk
How many vulnerabilities have been fixed?
In total, 4733 vulnerabilities were described during the year. Software manufacturers were able to eliminate only 58% of vulnerabilities by January 1, and for another 7% issued instructions on how to fix them. Thus, more than a third of vulnerabilities remained open to cybercriminals.
Adobe programs are cracking more and more.
Zero-day vulnerabilities are a headache for developers. These holes in the system are actively exploited by hackers even before the publication of a vulnerability message and the release of the patch.
It is interesting to note the increase in the number of such vulnerabilities in Adobe products - last year there were seven of them, and by this parameter Adobe overtook another giant - Microsoft, which had 5 zero-day vulnerabilities. Recent examples include the CVE-2011-2462 vulnerability in Adobe Reader discovered at the end of 2011, which was used to hack ManTech, a contractor for the US Department of Defense.

Is Opera the safest browser?
In terms of the number of vulnerabilities in 2011, Opera became the most protected browser. In all common applications of this type, except Opera, a very large number of high-risk vulnerabilities have been discovered that can be used to compromise the system. Last year, 4 critical vulnerabilities were also found among leading browsers that were used by attackers to conduct successful attacks on various companies. Most of them (three) came from Internet Explorer and one was found in Chrome 11.x.

The general view of vulnerability data in different versions of browsers is as follows:
| Browser / Hazard Level | Critical | Tall | Average | Low |
| Apple Safari 5.x | 0 | 140 | thirteen | 16 |
| Chrome 8.x | 0 | 16 | 4 | 2 |
| Chrome 9.x | 0 | 43 | 8 | 3 |
| Chrome 10.x | 0 | 23 | 3 | 4 |
| Chrome 11.x | 0 | 12 | 5 | 2 |
| Chrome 12.x | 1 | 26 | 9 | 1 |
| Chrome 13.x | 0 | 40 | 9 | 3 |
| Chrome 14.x | 0 | 17 | 2 | 8 |
| Chrome 15.x | 0 | 20 | 1 | 16 |
| Internet Explorer 6 | 3 | 16 | 2 | eleven |
| Internet Explorer 7 | 3 | fifteen | 2 | 12 |
| Internet Explorer 8 | 2 | 17 | 3 | eleven |
| Internet Explorer 9 | 1 | 14 | 2 | 10 |
| Mozilla Firefox 3.5.x | 0 | 18 | 3 | 3 |
| Mozilla Firefox 3.6.x | 0 | 34 | 6 | 4 |
| Mozilla Firefox 5.0.x | 0 | 7 | 1 | 1 |
| Mozilla Firefox 6.0.x | 0 | 7 | 1 | 1 |
| Mozilla Firefox 7.0.x | 0 | 5 | 1 | 2 |
| Mozilla Firefox 8.0.x | 0 | 4 | 1 | 2 |
| Opera 10.x | 0 | 1 | 1 | 4 |
| Opera 11.x | 0 | 3 | 7 | 8 |
| Opera Mobile for Android 11.x | 0 | 0 | 0 | 1 |
Windows - almost 100 vulnerabilities per year. The
popularity of Windows logically affects the number of vulnerabilities. Compared to other operating systems, the product from Microsoft found them the most. Windows holds leadership both in the overall standings (92 vulnerabilities) and in the individual - only this OS published 2 critical vulnerabilities in the reporting period. On the other hand, the maximum number of high-risk vulnerabilities (33) were found on Mac OS, on Windows they were found 22, and on different versions of Linux - only one.

All attention to SCADA systems
Vulnerabilities in SCADA systems are widespread in server software: 37 vulnerabilities were described in 17 security notifications. Researchers' interest in the software part of ACS TP is not accidental - it is in the last two years that viruses targeted at applications for industrial automation have spread.
CMS and forums - a favorable environment for hackers
The best conditions for unauthorized intrusions in the web application segment are provided by content management systems (18%). Hackers are constantly looking for vulnerabilities in the CMS, and, as we can see, they find them in large numbers (204 vulnerabilities per year). Site administrators built on popular platforms need to not only monitor suspicious activity, but also quickly install updates for CMS. We should not forget about web forums, which come in second place in terms of vulnerabilities (7%).
Apple iTunes security in question
Last year's hit parade of the most vulnerable media players (from among the most popular) led Apple iTunes (133 vulnerabilities). In the middle of the list is the widespread VLC Media Player (15 vulnerabilities), while Windows Media Player published only two vulnerabilities, which is about 70 times less than Apple iTunes.
77% of the “holes” in the system can be used remotely.
If we consider all the vulnerabilities in 2011, the attacker could work remotely while exploiting 77% of the vulnerabilities. For 15%, a local network was required, and for 8%, a personal presence or insider information was required.
Every fourth vulnerability allows you to compromise the system
About a quarter of vulnerabilities (24%) allowed the hacker to compromise the system by executing arbitrary code on the victim's computer. Another 21% of the detected "holes" were suitable for an XSS attack, 15% could be used for denial of service, 13% for disclosing important data, 12% for unauthorized data changes.
Vulnerabilities as a way to stop a plant and a nuclear program
In 2011, experts spoke in full voice of the onset of the era of the cold cyber war. The targets of hackers are industrial enterprises and military secrets. In the fall, it became known about a Trojan virus named Duqu. It infiltrates a Windows computer using the critical vulnerability CVE-2011-3402. Then the virus is able to infiltrate the adjacent SCADA-system of the enterprise in order to steal information about IT infrastructure and establish control over industrial facilities. Some experts noted that fragments of the main Duqu module are very similar to the Stuxnet worm, which in 2010 disabled several Iranian uranium enrichment plants.
Fake SSL certificates - revenge for Iran?
In the spring and summer of 2011, Iranian hackers sequentially hacked the servers of Comodo and DigiNotar certification authorities. The second case turned out to be especially fruitful. Some of the stolen security certificates belonged to the CIA, Mossad and MI-6. In addition to international cyber intelligence, the stolen “digital passports” were used for man-in-the-middle (MitM) attacks. The hacker passed the Internet traffic of the “client” through its own proxy server, where the victim’s browser met with a fake certificate and issued the information in decrypted form. Users of Internet banking, online mail services and other services using SSL certificates were hit.
US Digital Signatures and Military Secrets
Hacking the RSA Security server in mid-March 2011, unknown hackers compromised the reliability of RSA SecurID digital signatures. These keys were used by more than 40 million workers to gain access to closed networks. The attack began with an email urging employees of the parent company RSA to open a fake Excel file with the intriguing title “Staffing Plan 2011.xls”. Upon opening, the infected table installed the Poison Ivy backdoor on the PC, exploiting the vulnerability CVE-2011-0609 in Adobe Flash Player. Among the stolen information was information about the latest solutions for two-factor authentication. Later, using the stolen keys, they tried to hack the servers of the world's largest enterprise in the military-industrial complex, Lockheed Martin Corporation.
What happens due to non-compliance with the PCI DSS standard
In May 2011, Romanian hackers were caught hacking transaction processing systems of trading terminals and intercepting customer payment card data for three years. The main blow fell on the company Subway. Penetration into the Subway LAN, according to The Wire, was via wireless networks in restaurants, and the terminals themselves did not meet the security standards of the Payment Card Industry (PCI DSS). In addition, specialists providing remote technical support for the terminals not only did not install updates for the PCAnywhere remote administration application, but also chose the simplest combination of login and password (administrator, computer) in more than 200 systems.
UPD: OS vulnerabilities were taken into account only those that were present in the OS kernel itself and in its components / services, i.e. Vulnerabilities in
UPD2 third-party software were not specifically considered : full review