What is a software vulnerability and why are there so many?

Recently, the WannaCry ransomware took control of hundreds of thousands of computers around the world by exploiting flaws in the Windows operating system, attacking computers running that platform and spreading rapidly. But what exactly does this mean? Thinking of hackers as thieves and of malicious software as their burglary tools can help answer this question.

After more than a decade of researching cybercrime and the way criminals use technology, it is clear that these individuals look for ways to penetrate computers and networks, and that they use a wide variety of options to get into their target systems.

Some thieves simply choose the direct method and walk in through the main door of the place they want to rob, while others prefer stealth and try to pick the lock or use a door that has been left open. The same is true of hackers; however, cybercriminals have even more ways to penetrate their targets' systems.

The weaknesses that hackers use are not broken windows or rusty door hinges; instead, they take advantage of flaws in the software programs that run on computers. Since programs are written by humans, defects in them are to be expected. It is almost impossible to create completely flawless software, which means there are always ways in for cyber attackers.


Simply put, a vulnerability can be an error in system administration or a flaw in the code and in how it responds to certain requests. One common kind of vulnerability allows hackers to perform SQL injection attacks. This method is used against websites that query a database to display information. Here, the attacker crafts a request that contains code written in SQL, the database query language.

If the website is not properly secured, its search functionality may execute the attacker's SQL statements, and this flaw helps the attacker gain access to the database and potentially take control of the website. Similarly, many users run software compatible with the Java programming language, including Flash Player and Android applications.
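The search-functionality flaw described above is easiest to see side by side with its fix. The following is an added example, not code from the article: it builds a constructed in-memory SQLite table of articles (the `articles` table, its rows and the two `search_*` functions are all hypothetical), then shows a search that splices user input into the SQL text next to one that binds the input as a parameter. The first can be made to return rows that should stay hidden; the second treats the same input as nothing more than a search string.

```python
import sqlite3


def build_db():
    """Constructed sample database: three articles, one of them unpublished."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, published INTEGER)"
    )
    conn.executemany(
        "INSERT INTO articles (title, published) VALUES (?, ?)",
        [("Public notice", 1), ("Press release", 1), ("Unpublished draft", 0)],
    )
    return conn


def search_vulnerable(conn, term):
    """Builds the statement by string concatenation.

    The user's input becomes part of the SQL text itself, so a quote or a
    comment marker in the input changes the structure of the query and can
    lift the `published = 1` restriction.
    """
    sql = (
        "SELECT title FROM articles WHERE published = 1 AND title LIKE '%"
        + term
        + "%'"
    )
    return [row[0] for row in conn.execute(sql)]


def search_safe(conn, term):
    """Parameterized query: the statement text is fixed before any input arrives.

    The driver sends the search term as a bound value, so whatever characters it
    contains, it can only ever be compared against titles, never parsed as SQL.
    """
    sql = "SELECT title FROM articles WHERE published = 1 AND title LIKE ?"
    return [row[0] for row in conn.execute(sql, ("%" + term + "%",))]


if __name__ == "__main__":
    db = build_db()
    # An ordinary search behaves the same in both versions.
    print(search_vulnerable(db, "Press"))   # ['Press release']
    print(search_safe(db, "Press"))         # ['Press release']
    # Input containing SQL syntax: the concatenated query now returns every
    # row, unpublished ones included; the parameterized query returns nothing
    # because no title contains that literal text.
    injected = "%' OR 1=1 --"
    print(search_vulnerable(db, injected))  # all three titles
    print(search_safe(db, injected))        # []
```

The defensive point is that parameterization fixes the query's shape before user data is involved; input validation on top of it is worthwhile, but it is the binding, not the filtering, that removes the class of bug.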

The Java platform has numerous vulnerabilities, each of which can be exploited in different ways. The usual method with these kinds of programs is to trick users into downloading plugins or in-program codecs. These add-ons actually contain malicious code that exploits the program's vulnerability and endangers the security of the user's device.

Vulnerabilities exist in all types of software. Several versions of Microsoft's Windows operating system contained the bugs that WannaCry used to attack its targets. The popular open source web browser Firefox, for example, has had more than 100 vulnerabilities identified in its code every year since 2009, and since early 2017 about 15 bugs have been identified in Microsoft's Internet Explorer browser.

Software development is not a perfect process. Developers often work to timelines set by management teams who try to set reasonable goals, but meeting those deadlines can itself create problems. Developers make every effort to design products securely when building applications, but they may not succeed in identifying all the defects before the release date.

Delaying a program's release can be very costly for the company that makes it. Many companies therefore release an initial version of the product and, once problems are identified, fix them by providing security updates. These updates are often called software patches, because their purpose is to fix the weaknesses in the programs.

It should be said that software companies cannot support their products forever: to keep operating, they have to focus on improving their programs and selling newer versions, so after some time they stop providing updates for their older apps. When an attacker discovers a new vulnerability in software, they can develop a new program that uses the bug to gain access to the target system and take control of it.

Cyber thieves try to penetrate target systems by discovering weaknesses in them, including network security vulnerabilities. If the attackers can communicate with the target computer, they can take steps to increase their access, such as reading specific files or running specific programs.

In recent years, hackers have repeatedly taken advantage of vulnerabilities in web browsers, the tools that let users connect to the Internet and run small programs. Browsers have many exploitable vulnerabilities. These bugs let hackers take control of the target computer, and they can then use that level of access to infiltrate larger and more sensitive networks.

Sometimes software developers or security researchers report these vulnerabilities to the companies that make the software. Sometimes hackers or government spy agencies discover how to break into systems but do not inform the manufacturer. Bugs of this kind are called "zero-day vulnerabilities", because the software developer has had no time to fix them; as a result, the software or hardware remains at risk until a security patch is released.

One of the best ways to stay secure is to install software updates regularly. Below is a list of the 50 software products with the highest number of detected vulnerabilities:

| No. | Product | Manufacturer | Product type | Number of vulnerabilities |
|-----|---------|--------------|--------------|---------------------------|
| 1 | Debian Linux distribution | Debian | operating system | 6844 |
| 2 | Android | Google | operating system | 4639 |
| 3 | Fedora Linux distribution | Fedoraproject | operating system | 3633 |
| 4 | Ubuntu Linux distribution | Canonical | operating system | 3551 |
| 5 | MacOS X | Apple | operating system | 3019 |
| 6 | Linux Kernel | Linux | operating system | 2939 |
| 7 | Windows 10 | Microsoft | operating system | 2889 |
| 8 | Iphone Os | Apple | operating system | 2709 |
| 9 | Windows Server 2016 | Microsoft | operating system | 2676 |
| 10 | Chrome | Google | application | 2501 |
| 11 | Windows Server 2008 | Microsoft | operating system | 2358 |
| 12 | Windows 7 | Microsoft | operating system | 2208 |
| 13 | Windows Server 2012 | Microsoft | operating system | 2027 |
| 14 | Windows Server 2019 | Microsoft | operating system | 2126 |
| 15 | Windows 8.1 | Microsoft | operating system | 2060 |
| 16 | Firefox | Mozilla | application | 1993 |
| 17 | Windows RT version 8.1 | Microsoft | operating system | 1875 |
| 18 | Enterprise Linux Desktop | RedHat | operating system | 1751 |
| 19 | Enterprise Linux Server | RedHat | operating system | 1709 |
| 20 | Enterprise Linux Workstation | RedHat | operating system | 1670 |
| 21 | Leap | Opensuse | operating system | 1586 |
| 22 | Tvos | Apple | operating system | 1370 |
| 23 | Opensuse | Opensuse | operating system | 1365 |
| 24 | Enterprise Linux | RedHat | operating system | 1223 |
| 25 | Internet Explorer | Microsoft | application | 1168 |
| 26 | MySQL | Oracle | application | 1156 |
| 27 | Safari | Apple | application | 1148 |
| 28 | Watchos | Apple | operating system | 1108 |
| 29 | Thunderbird | Mozilla | application | 1038 |
| 30 | Enterprise Linux Server Aus | RedHat | operating system | 811 |
| 31 | Windows Vista | Microsoft | operating system | 794 |
| 32 | Firefox Esr | Mozilla | application | 777 |
| 33 | Gitlab | Gitlab | application | 728 |
| 34 | Office | Microsoft | application | 714 |
| 35 | JRE | Oracle | application | 701 |
| 36 | JDK | Oracle | application | 696 |
| 37 | Windows XP | Microsoft | operating system | 685 |
| 38 | Seamonkey | Mozilla | application | 680 |
| 39 | Oncommand Insight | Netapp | application | 673 |
| 40 | PHP | PHP | application | 657 |
| 41 | McEwas | Apple | operating system | 653 |
| 42 | Mac OS X Server | Apple | operating system | 628 |
| 43 | Imagemagick | Imagemagick | application | 627 |
| 44 | Wireshark | Wireshark | application | 619 |
| 45 | Enterprise Linux Server Eus | RedHat | operating system | 618 |
| 46 | iTunes | Apple | application | 603 |
| 47 | Sunos | SUN | operating system | 565 |
| 48 | Enterprise Linux Server Tus | RedHat | operating system | 564 |
| 49 | Oncommand Workflow Automation | Netapp | application | 547 |
| 50 | Solaris | Oracle | operating system | 504 |
