Vulnerabilidades atingem recorde em 2018

Vulnerabilities are one of the elements frequently identified in security incidents, and along with other threats such as exploits or malware, they become a latent risk. ESET, a leader in proactive threat detection, reveals that 2018 reached its peak, surpassing previous years, and details which types were most frequent. The severity of vulnerabilities is determined by different factors, such as the impact on information confidentiality, integrity, or availability, as well as the attack vector used, attack complexity, required privileges, or user interaction. To achieve this, a system that allows for the calculation of negative effects is necessary. It is important to note that growth could have been greater, since zero-day vulnerabilities—those unknown to the public and to the program developer themselves, who, upon detection, has “zero days” to fix, meaning the software manufacturer must immediately correct them and prevent them from becoming public and/or being exploited by criminals—are not taken into account. By the end of December, 16,555 vulnerabilities had been recorded according to reports made in CVE (Common Vulnerabilities and Exposures), representing a 12% increase compared to 2017. This averages 46 threats reported per day during 2018. However, the most critical ones (with a rating greater than or equal to 7 and 9 according to CVSS v3.0) experienced a slight drop compared to the previous year. The products with the most vulnerabilities in 2018 were the Linux distribution called Debian in first place, followed by Android in second. Other widely used systems that appear in the ranking include Ubuntu in third place, Red Hat Enterprise Linux Server in fifth, and Windows 10 in tenth. Despite Debian being first in vulnerabilities, during 2018, detections of malicious code specifically designed to affect Linux accounted for only 1% of total detections, while for Microsoft operating systems, the number rose to over 6%. The manufacturers with the most vulnerabilities in 2018 were Debian (903), Oracle (690), and Microsoft (674), while the applications were Firefox (333), Acrobat DC and Acrobat Reader DC (286), and PhantomPDF (223), and the manufacturers with the most serious cases are Adobe (8.80), Qualcomm (8.50), and RealNetworks (8.50). The most frequent types of vulnerabilities in 2018 were code execution (23%), overflow attacks (18%), and Cross Site Scripting, or XSS (15%). Additionally, 79% of those related to code execution were severe (criticality score greater than or equal to seven). It is no surprise, then, that vulnerability exploitation is one of the most commonly used compromise vectors. These vulnerabilities impact both home users and businesses. “Vulnerabilities will continue to appear year after year because they are inevitable and inherent to the development of applications and devices. ESET advocates that prevention and knowledge are key to staying safe and enjoying available technology from a security perspective,” adds Camilo Gutierrez, head of the ESET Latin America Research Lab. Source: Security Report