GFI Releases Report on 2013 Vulnerabilities

The best way to predict security trends in the coming year is to look back and see what went wrong in previous years. To that end, GFI Labs released a report today on the most vulnerable applications and operating systems of 2013.

Most of the data are along the lines of what you would expect: Internet Explorer was very vulnerable, Java was very vulnerable, Windows was very vulnerable, etc. However, some of the more specific details were a bit of a surprise and also mirror what researchers have been saying for quite some time.

Google Chrome

According to the Most Vulnerable Applications chart, Google’s Chrome browser was the third most vulnerable software of 2013, with its vulnerability count actually increasing by 43 since 2012.


Unfortunately, most of these vulnerabilities are listed as “High Severity”, meaning that if they were exploited, they would cause far greater damage than vulnerabilities listed as medium or low.

The caveat here is that while Google Chrome is listed as having more vulnerabilities, unlike Adobe products and Java, it is not actively targeted by exploit kits and therefore not an active threat to users.

Microsoft Windows 7

The proof is in the pudding when it comes to the user transition from XP to 7. The report shows that the number of vulnerabilities discovered for Windows 7 was greater by 58 in 2013 than in 2012.


However, most of these vulnerabilities are of medium risk, showing us that most of the big-hitting vulnerabilities found in Windows 7 have been patched, and that researchers and cyber-criminals alike are scraping for whatever vulnerability they can get.

The newest Windows user platform, Windows 8, has proven to be a new target for cyber-criminals, as the number of vulnerabilities found has risen dramatically from just five high-severity vulnerabilities in 2012 to 43 in 2013.

I expect this number to rise even more in 2014 as new device purchasing increases the number of people using Win 8.

The Good News

Despite the fact that 2013 showed us the greatest vulnerability count in the last four years, it also has the third-lowest count of high-severity vulnerabilities, with most of the year's vulnerabilities being medium severity and therefore possible to protect against with common security practices.


As always, the best method of safeguarding a system is to keep up with updates. This means:

  • Updating the Operating System – Automatic Updates are annoying, but they are your friend
  • Updating Applications – Java and Adobe will keep popping up on your system asking for updates; listen to them
  • Updating Security Software – All security software, including Malwarebytes Anti-Malware, has the option to update automatically and frequently. I highly recommend taking advantage of these features
  • Updating Browsers – You can update Chrome and Firefox by going to the Help / About options in each browser, while Internet Explorer updates through Windows Update

Every year we look at stats like the ones mentioned here, and at times it might be discouraging, considering how often you hear about attacks online from every angle imaginable.

However, the best thing for a user to do is to be observant while online. Users should keep an eye out for anything that doesn’t seem right and tell people about it, but most importantly, they shouldn’t fall for it.

Thanks for reading and safe surfing! DFTBA!


Adam Kujawa

Director of Malwarebytes Labs

Over 14 years of experience fighting malware on the front lines and behind the scenes. Frequently anachronistic.