In recent years, a very high percentage of cyberattacks have targeted vulnerabilities in Oracle’s Java platform. However, Levi Gundert, technical lead in Cisco Systems’ threat research group, says that the number of drive-by malware attacks exploiting vulnerabilities in Microsoft’s Silverlight outnumber Java attacks.
The uptick likely results from improved hardening of Java and the growing number of developers who are using Silverlight. “We should expect these existing Silverlight exploits to proliferate through other exploit pack families in the near future as threat actors copy code from each other and release updates,” blogged Gundert. “Silverlight exploits are also ideal because Silverlight continues to gain rich Internet application market share, perhaps surpassing Java, and Microsoft’s life cycle schedule suggests Silverlight 5 will be supported through October 2021.”