The SANS Institute Monday reported 422 new Internet security vulnerabilities discovered during the second quarter, up nearly 11 percent from the first quarter, with weaknesses in popular backup software highlighting the report.
Two backup programs, one from Veritas - which was acquired by Symantec last month - the other from Computer Associates, made the SANS Institute's list of top 20 new vulnerabilities for the quarter. Because these programs are widely used, flaws in these products affect a large number of computer users. "These backup products with vulnerabilities represent a huge portion of the market; 30 percent of all enterprises using backup software use them," says Ed Skoudis, senior security consultant with Intelguardians.
Because backup programs grant access to virtually all of an organization's data, they are particularly attractive to attackers. And since updating these applications with patches is often overlooked, they represent a real vulnerability, adds Alan Paller, director of research with SANS Institute.
Other new vulnerabilities include those found in music downloading programs iTunes from Apple and RealPlayer by RealNetworks. In both cases, flaws allow bad playlists or music files that contain malware to be downloaded, Paller says. Also on the top 20 list are Web browsers Internet Explorer, Firefox and Mozilla. Vulnerabilities in these programs allow PCs to become infected simply by visiting a Web site, regardless of whether data is input.
The quarterly report tracks vulnerabilities that have been detailed in postings on the Internet, affect a large number of users, allow computers to be taken over by unauthorized users, and have not been widely patched, Paller says.