The SANS Institute has reported 422 new Internet security vulnerabilities discovered during the second quarter, up nearly 11 percent from the first quarter, with weaknesses in popular backup software highlighting the report.
Two backup programs, one from Veritas - which was acquired by Symantec last month - the other from Computer Associates, made the SANS Institute's list of top 20 new vulnerabilities. "These backup products with vulnerabilities represent a huge portion of the market - 30 percent of all enterprises using backup software use them," said Ed Skoudis, senior security consultant with Intelguardians.
Because backup programs grant access to virtually all of a company's data, they are particularly attractive to attackers. And since updating these applications with patches is often overlooked, they represent a real vulnerability, added Alan Paller, director of research with SANS Institute.
Other new vulnerabilities include those found in music downloading programs iTunes from Apple and RealPlayer by RealNetworks. In both cases, flaws allow for bad play lists or music files to be downloaded that contain malware, Paller says. Also on the top 20 list are browsers Internet Explorer, Firefox and Mozilla. Compromises in these programs allow PCs to become infected simply by visiting a website.
The quarterly report tracks vulnerabilities that have been detailed in postings on the Internet, affect a large number of users, allow computers to be taken over by unauthorised users, and have not been widely patched, Paller says.