The web video and interactive content plugin has seen a large increase in attacks from hackers, say the researchers, and while users are now well aware of the dangers of outdated Java software, many have no clue about Silverlight.
"Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft's life cycle schedule suggests Silverlight 5 will be supported through October, 2021," says the report.
Current malware attacks "use a Silverlight file to trigger the same CVE-2013-3896 vulnerability, but packages the exploit differently and attempts obfuscation through AES encryption." The CVE-2013-3986 exploit was already patched four months ago, but a majority of users have outdated Silverlight installs. Silverlight, unlike many Microsoft products, does not self-update.
Written by: Andre Yoskowitz @ 23 May 2014 10:49