Story 2014-05-22 3MM Move over Java: drive-by attacks exploiting Microsoft Silverlight on the rise

Anonymous Coward
in security on (#3MM)
Java takes a regular beating for its frequent exploits, and it's not uncommon for people to complain Java is inherently insecure, or an unacceptable risk for secure computing platforms. Well, good thing there's Microsoft Silverlight to lend a hand, then! Recent investigation now shows a rise in drive-by attacks exploiting Microsoft Silverlight. From the article:
The number of drive-by malware attacks that exploit vulnerabilities in Microsoft's Silverlight application framework may be surpassing those that abuse Oracle's Java framework, according to a recent analysis of one popular hack-by-numbers tool kit. Since April 23, the Angler exploit kit has shown a significant uptick in attacks that target Silverlight users, according to a blog post published Monday by Levi Gundert, technical lead in Cisco Systems' threat research group.
The original Cisco piece can be read here.

[Ed. note: I for one propose a framework that will eliminate all such attacks: how about we eliminate graphics and video formats totally, and go back to green screen ASCII text over a serial connection?]

Still waiting (Score: 2, Interesting)

by on 2014-05-22 12:42 (#1VC)

It would be nice to get native HTML5 DRM Netflix support into Chrome or Firefox so I can torch any incarnation of Silverlight from my box. I'm using Pipelight, but it still loads some Silverlight DLLs. :(

Re: Still waiting (Score: 2, Insightful)

by on 2014-05-22 13:45 (#1VJ)

Totally agree. Since Microsoft is deprecating or phasing out Silverlight, I can hardly imagine they'd be arsed enough to actually deal with these flaws in a serious, long-term way. More likely, they'll fix the issues long enough to make the bad press go away, and then wash, rinse, repeat when the next flaw comes up. Who wants to work on the team that has to patch and protect the product your company has decided they'll eventually - and soon - kill off? Assign that crappy responsibility to the new team of interns - it will be good for their resumes! ha ha.