Security holes add up in second quarter
In April, May and June, more than 400 flaws were discovered that could let an attacker take control of a PC remotely.
This represents an increase of 10.8 percent compared with the number found in the first quarter, and a jump of 20 percent compared with the second quarter of last year, the institute said in its quarterly report.
If companies and individuals don't take corrective action, the agency warned, their systems could be used by remote hackers for identity theft, industrial espionage, and distribution of spam and pornography.
In order to be included on the quarterly list, the vulnerabilities must affect a large number of users, the SANS Institute said. Additionally, they must allow an attacker to take control of a PC remotely, and they must remain unpatched on a substantial number of systems. Information sufficient to let people exploit the flaws must be available on the Net.
Among the flaws are serious vulnerabilities in popular data backup products used by enterprises, while home users face increased risk from holes in iTunes and RealPlayer, as well as Internet Explorer.
"We are seeing a trend to exploit not only...Windows, but other vendor programs that are installed on potentially large number(s) of systems," said Rohit Dhamankar of TippingPoint, which collaborated with the SANS Institute for the study.
"These include backup software, management software, licensing software, etc. Flaws in these programs put critical resources at risk, as well as having a potential to compromise the entire enterprise."