A Secunia Research report showed that Apple QuickTime 7.x and Apple iTunes 12.x topped the list of the most exposed applications in the U.S.
According to the report, QuickTime has a market share of 55 percent and 18 reported vulnerabilities. 61 percent of users have not installed the latest updates to the application.
At the same time, iTunes has a market share of 40 percent and 106 reported vulnerabilities. 47 percent of users have not installed the latest updates to the app.
Other applications in the top 10 vulnerable list include Adobe Reader, Oracle Java 8 and Mozilla Firefox.
The number of end-of-life applications on private U.S. PCs has been between five and six percent since the third quarter of 2014; in 2013 the number was between three and four percent.
The report said the problem with end-of-life applications from a security perspective is that the vendors of those applications no longer publish security updates to patch vulnerabilities as they are discovered in the product.
Consequently, any vulnerability in an end-of-life application is an open door into any PC on which the application is installed, Secunia Research, now a Flexera Software company, said.
“Hackers benefit from users’ failure to uninstall end-of-life applications, as the exploits they wrote for the old versions continue to work and continue to have value on the black market,” said Kasper Lindgaard, Director of Secunia Research at Flexera Software.
“Too many users install and forget. Maintenance of software is not high on the radar of the average computer users, who tend to install whatever application they need to support whatever they need to do. They then tend to leave it sitting in their system, forgetting to uninstall or update it,” said Lindgaard.
The report also said Oracle Java topped the list of most exposed applications in its U.S. Country Reports during the period from the third quarter of 2014 to the second quarter of 2015.
To help users stay secure, Flexera Software offered the Personal Software Inspector, a free computer security scanner that identifies software applications that are insecure and in need of security updates.