Firefox, iTunes, Skype Top Most Dangerous List - InformationWeek

Security firm Bit9 calls out 15 applications--frequently downloaded but usually unapproved by enterprises--that have at least one critical vulnerability.

Updated June 27, 2006.

Firefox, iTunes, and Skype were the top three applications on a list of those with the most security vulnerabilities, a Cambridge, Mass.-based security company said this week.

The list from Bit9 calls out applications that are frequently downloaded by individuals (and thus perhaps not sanctioned by the enterprise), that have at least one critical vulnerability, and that rely on the end user, not the corporate IT department, to manually patch or upgrade to fix bugs.

"These popular software applications are frequently downloaded to corporate desktops and can present serious risks for enterprise computing environments," said Todd Brennan, the co-founder and chief technology officer at Bit9, in a statement. "Understanding what software is actually running in your organization across your entire desktop environment is the first step in regaining application control and protecting your corporate infrastructure."

Firefox 1.0.7 -- which has been patched (and so superseded) by 1.0.8, not to mention Firefox 1.5 -- took the top honors with at least five vulnerabilities in the CVE (Common Vulnerabilities and Exposures) database. The Apple iTunes 6.02 and QuickTime 7.0.3 twosome took second.

The rest of the list ran as:

3. Skype 1.4
4. Adobe Acrobat Reader 7.02, 6.03
5. Sun Java Run-Time Environment (JRE) 50, Update 3, JRE 1.4.2_.08
6. Macromedia Flash 7
7. AOL Instant Messenger 5.5
8. Microsoft Windows/MSN Messenger 5.0
9. Yahoo Instant Messenger 6.0
10. Sony/First4 Internet DRM rootkit and uninstaller
11. Kazaa 2.0.2
12. RealPlayer 10
15. ICQ 2003a

Most of those on the list can be patched or updated, but no fixes exist for Yahoo Instant Messenger, Sony, Kazaa, or ICQ, Bit9 said in its write-up of application vulnerabilities (PDF file).

Bit9 recommended that companies run an audit to determine what software is on their systems, decide which applications should be blocked or banned, and then bar those programs so only "approved, appropriately patched software" runs on the enterprise network.

Bit9's original list had included BitDefender 9 and WinZip 8.1 SR-1, an error it acknowledged when the former disputed the findings. According to a BitDefender spokesperson, Bit9 had sent a letter apologizing for the mistake.
