• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Business   »   Adobe and Apple to Outpace Microsoft in 2017 Vulnerability Discoveries. So What Now?

Adobe and Apple to Outpace Microsoft in 2017 Vulnerability Discoveries. So What Now?

  • Posted on:January 5, 2017
  • Posted in:Business, Cybercrime, Endpoint, Microsoft, Security
  • Posted by:
    Jon Clay (Global Threat Communications)
0

Cybercriminals by and large don’t work to annual schedules. But as a new year rolls around again, there’s a valuable opportunity for organizations to take stock of their IT security posture and consider where the key threats lie over the coming 12 months. One major area highlighted in Trend Micro’s 2017 predictions report, The Next Tier, is in the number of software bugs discovered in non-Microsoft platforms.

It’s a trend we think will continue as Adobe and Apple outpace Microsoft in terms of newly discovered vulnerabilities. That’s going to make vulnerability shielding and better, multi-layered endpoint threat protection a must for organizations as we head into 2017.

Broadening their horizons

Microsoft was for years the only show in town for hackers. Much of that was due to its market dominance, despite the claims of rivals that their platforms were inherently more secure. But that’s changing now, and fast. Adobe outpaced Microsoft for the first time in 2016 in terms of new bug discoveries. And the year was Apple’s single biggest in terms of flaws as it too became a target.

When we wrote the report in November, the count for Microsoft was 76 new vulnerabilities – down from 160 in 2015, according to the TippingPoint Zero Day Initiative. Compare that to 135 for Adobe, and 50 for Apple, more than double its 2015 haul.

Why is this happening? Well, Microsoft has certainly made great strides in developing more secure products thanks to the efforts of its Trustworthy Computing initiative. But we also have to look at market dynamics. Cybercriminals usually have one primary motive: making as much money as easily as possible. And this means targeting those platforms with the largest number of users. It ensures the bad guys generate the best possible RoI for any exploits they develop.

So, as we see Microsoft PC shipments decline while Mac and smartphone sales increase, this is going to have an impact on the number of new vulnerabilities discovered in these platforms. And as older software versions and models reach end-of-life, these too will come under greater scrutiny from the black hats. That’s why we believe we’ll see more exploits for flaws in the unsupported iPhone 4S this year.

Adobe software, meanwhile, has been a favorite of the hacking community for a while now – especially Flash. It too has a large installed user base, despite moves from many vendors to remove support. And its developers have been unable over the years to re-engineer the product in a way that radically improves security.

The fight back

What does this mean? A lot more of the same in 2017. Expect many more exploits targeted at Macs, unsupported iPhones and Adobe software. Many will be integrated into easy-to-use exploit kits, allowing even those with limited technical know-how to launch attacks. And for those who think the demise of the notorious Angler EK spells good news for 2017, just remember previous iterations like BlackHole were replaced in time by yet another version.

There’s no silver bullet to solve these challenges. But you can go a long way by investing in products which offer vulnerability shielding. It’s the only way to reliably and proactively mitigate the risk of zero day and unpatched flaws.

There’s also clearly a need for more comprehensive endpoint protection, particularly against exploits targeting Apple and Adobe platforms. Trend Micro’s answer is XGen: a multi-layered cross-generational approach which combines proven and advanced protection techniques, such as application control, exploit prevention and behavioral analysis, with high fidelity machine learning.

It’s the only way to deal with a threat landscape evolving all the time. And an agile and persistent enemy.

Related posts:

  1. New Adobe Flash Critical Vulnerability Exploited in the Wild.
  2. April 2016 Microsoft and Adobe Security Patches: Badlock Not So Bad and Adobe Fully Closes Pwn2Own 2016 Vulnerabilities
  3. ZDI Update: Microsoft and Adobe Patch Tuesday for May 2016 and Microsoft Closes Pwn2Own 2016 Vulnerabilities
  4. Adobe confirms Flash vulnerability in Windows 8

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Fujitsu and Trend Micro Demonstrate Solution To Secure Private 5G
  • Trend Micro Receives 5-Star Rating in 2021 CRN® Partner Program Guide
  • Smart Factory Cyber Attacks Knock Out Production for Days
  • Eliminate Hesitations: Security Simplified For Those Building In The Cloud
  • Nuffield Health Depends on Managed XDR with Trend Micro Vision One
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.