October 8, 2010

Busy Four Months of Zero Days

Elad Sharf Security Researcher

Reflecting on the past few months, it has been very busy with zero-day flaws affecting popular products. Last Tuesday, Adobe issued a patch for the SING table parsing exploit that affects Adobe Acrobat and Reader (CVE-2010-2883). This patch has effectively patched a sixth critical zero-day in just four months, in what we consider to be highly exposed software. 

This is also the place to remind you to update and patch the affected software. Since there were quite a few vulnerabilities to deal with, we decided to summarize them with a time line, just to give a bit of perspective on how unusually busy it has been recently. 

Click on the image for a bigger version:


In total, those vulnerabilities accounted for 108 non-patch days - that's 88.5% of vulnerable time in those 4 months.


In case you haven't already done so, don't forget to update your software as soon as possible.


References to our alerts and analysis:

Adobe Flash and Acrobat Reader CVE-2010-1297: 1 2 3

Microsoft LNK vulnerability CVE-2010-2568: 1

Apple iOS JailbreakMe: 1 2

Apple Quicktime "_MARSHALED_PUNK_" CVE-2010-1818: 1 2

Adobe Acrobat Reader CVE-2010-2883: 1 2

Adobe Flash CVE-2010-2884: 1

About Forcepoint

Forcepoint is the leading user and data protection cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.