Move over Java: drive-by attacks exploiting Microsoft Silverlight on the rise

Anonymous Coward
in security on (#3MM)
Java takes a regular beating for its frequent exploits , and it's not uncommon for people to complain Java is inherently insecure , or an unacceptable risk for secure computing platforms. Well, good thing there's Microsoft Silverlight to lend a hand, then! Recent investigation now shows a rise in drive-by attacks exploiting Microsoft Silverlight . From the article:
The number of drive-by malware attacks that exploit vulnerabilities in Microsoft's Silverlight application framework may be surpassing those that abuse Oracle's Java framework, according to a recent analysis of one popular hack-by-numbers tool kit. Since April 23, the Angler exploit kit has shown a significant uptick in attacks that target Silverlight users, according to a blog post published Monday by Levi Gundert, technical lead in Cisco Systems' threat research group.
The original Cisco piece can be read here .

[Ed. note: I for one propose a framework that will eliminate all such attacks: how about we eliminate graphics and video formats totally, and go back to green screen ASCII text over a serial connection ?]

Still waiting (Score: 2, Interesting)

by on 2014-05-22 12:42 (#1VC)

It would be nice to get native HTML5 DRM Netflix support into Chrome or Firefox so I can torch any incarnation of silverlight from my box. I'm using pipelight, but it still loads some silverlight dlls. :(
Post Comment
What is the 3rd digit in 9424932?