Product Watch: Bit9 Lists Top Vulnerable Applications Of 2009

Adobe applications took another hit today with the dubious distinction of being ranked as the most vulnerable applications of 2009 -- this on the heels of a zero-day attack on Adobe Acrobat and Reader that was revealed yesterday.

The Top Vulnerable Applications for IT 2009 report by Bit9 is based on the National Institute of Standards and Technology's database, and many of the applications on the list are those typically downloaded by end users without knowledge or approval of their IT departments.

"These popular applications are frequently downloaded to laptops and desktops by users and can present unnecessary security risk to IT and business operations," said Tom Murphy, chief strategy officer for Bit9, in a statement.

Adobe's Acrobat, Flash Player, Reader, and Shockwave were at the top of the list, with vulnerabilities that were labeled as "high" by NIST. Their vulnerabilities allowed everything from remote code execution, memory corruption, and denial-of-service to application-crashing.

Also on the list of most vulnerable apps of the year are Apple Quicktime, Mozilla Firefox, Opera, RealPlayer, Sun Java, and Trillian. The list encompasses applications that run on Windows, are frequently downloaded by individuals, and are not considered malicious by IT organizations or security vendors, according to Bit9. Apps on the list also had to contain one critical vulnerability and cannot be automatically updated with enterprise updates from Microsoft or other sources. These are apps that must be patched or upgraded to fix a bug by the end user himself, according to Bit9.

NIST's vulnerabilty database can be found here.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.