Skip to main content

New security report shows Avant browser as most vulnerable

According to the latest quarterly update from vulnerability management company Secunia, the product with the most vulnerabilities over the three months from May to July was the Avant browser and, once again, IBM is the vendor with the largest number of vulnerable products.

Avant clocked 206 vulnerabilities over the period, and this is partly because it uses both the Chrome and Firefox engines making it open to the vulnerabilities in both. Also Avant's July 2015 update was the first major version since March and will therefore include many of the Firefox and Chrome vulnerabilities uncovered in the meantime.

IBM tops the vendor list due to the large number of products it produces. Those making Secunia's top 20 lists over the quarter include Intelligent Operations Center, Security Access Manager for Mobile, and Cloud Manger with OpenStack.

The Stagefright vulnerability shone a spotlight on Android security in July with the ability to remotely control a device by sending code in a multimedia message. Secunia notes that some good has come of this as Google and some handset makers - notably LG and Samsung - have made a commitment to send out monthly security patches to users that will fix any upcoming issues in the operating system.

"For as long as Secunia has been in business, we have tried to get exactly that message across to IT security professionals across industries: you cannot predict what products will be making your infrastructure vulnerable next month, based on what made it vulnerable this month. And you certainly shouldn't assume that, by patching the 10 high-profile software names that spring to mind when you think about what is in your infrastructure, you are all set and secure," says Kasper Lindgaard, Secunia's Director of Research and Security.

"Keeping track of what makes your environment vulnerable is an ongoing and complex task, that requires a combination of vulnerability intelligence and visibility of applications, devices and business critical data in your systems".

The full report is available to download from the Secunia website.

Image Credit: Pavel Ignatov / Shutterstock