This question would definitively get tons of different answers from different people using all sorts of applications and different versions of each application. However the real answer to this question is something that I really never expected.
According to a post I recently read on http://www.techlads.com/2008/12/firefox-most-vulnerable-windows.html and some research performed by a firm with the name Bit9, Firefox 1.0.4 is the most vulnerable windows application of all.
This is quite surprising to me since this browser is well respected throughout its open source community. It also managed to make lots of people switch due to it’s speed and reliability. It can also be customised and tweaked for maximum performance and appearance customisability.
The list of the top 10 vulnerable applications is:
- Mozilla Firefox (1.0.4)
- Apple QuickTime, Safari and iTunes (iTunes 6.02 & QT 7.0.3)
- Skype (1.4)
- Adobe Flash and Adobe Acrobat (7.02 & 6.03)
- Sun Java Run-Time Environment (JRE) (5.0/3 & 1.4.2_08)
- Macromedia Flash Player (7)
- AOL Instant Messenger (5.5)
- Microsoft Windows/MSN Messenger (5.0)
- Yahoo Instant Messenger (6.0)
- Sony / First4 Internet DRM rootkit & uninstaller (all versions)
It’s very common that most old versions of any software would contain security vulnerabilities. Therefore for maximum protection in a home environment, make sure to update your software to the latest versions.
For network administrators struggling to keep up with a huge list of applications installed on their networks, you can make use of software like GFI LANguard. With it’s patch management features, white and blacklisting of applications and also remote uninstall, can make your network much safer and completely blocking out those security weaknesses.
And the reason why firefox is the most vulnerable app is… (according to a Bit9 Research paper)
Firefox has multiple vulnerabilities including memory corruption, buffer overflows, errors in garbage collection, and running of arbitrary HTML and Javascript code that in many cases allow the execution of arbitrary code.
Thank god i am using all latest versions of above softwares, so no need to worry for me :)
seems to have a great news thanx for sharing