Web application and browser vulnerabilities accounted for nearly 70 percent of all online vulnerabilities in the last six months, according to the Symantec Internet Threat Report released today.
The tenth bi-annual Symantec Internet Threat Report has found 69 percent of all global vulnerabilities between January and June 2006 were specifically related to Web applications and browsers.
The report also discovered that over the last six months 18 percent of all malicious code had not been detected in the wild before, an increase of 81 percent when compared to the previous six months.
David Sykes, Symantec Pacific region vice president, said any reasonable person would say 69 percent is not satisfactory and can only lead to further attacks and exploits. This scenario, according to Sykes, is a serious risk in the Web 2.0 environment.
"There are two things going on here, Web 2.0 and the growing demand for highly collaborative open environments. Then there is the quick path to private information through the individual which will most likely be affected by browsers full of bad holes," Sykes said.
"Of this 69 percent, 80 percent of the vulnerabilities are easily exploited and give an attacker control over a PC or server, which will be a big issue in the future. The world of collaboration in online environments like Web 2.0 has an implicit trust requirement."
Unfortunately, Sykes said, "time to market" will continue to drive the release of security products, which will impact quality.
"There is also an incredible amount of malicious code reuse going on and people are taking bits and pieces of other code and bolting it together, and in some cases it is self-updating," he said.
The report discovered 47 vulnerabilities documented in Mozilla browsers (up from 17 in the last reporting period), 38 vulnerabilities in Microsoft Internet Explorer (previously 25) and 12 vulnerabilities in Apple Safari.
During the reporting period, 157,477 unique phishing messages were found, an increase of over 80 percent from the previous six months. Spam accounted for 54 percent of all monitored e-mail traffic, up four percent from the last six months.
For the first time this threat report tracked the average time it takes operating system vendors to release patches for discovered vulnerabilities.
Microsoft's Internet Explorer had an average exposure window of nine days (a decrease from 25), Apple Safari had five (up from zero), Opera had two days (down from 18) and Mozilla had one day (up from negative two).