The second quarter of 2005 has seen a large rise in the number of new critical internet security threats, according to a report from the SANS institute.

The organisation says the number of critical unpatched vulnerabilities in online programs has risen from 381 in the first quarter of the year to 422 in the second quarter.

‘These critical vulnerabilities are widespread and many of them are being exploited, right now, in our homes and in our offices. Too many people are unaware of these vulnerabilities, or mistakenly believe their computers are protected,’ said Alan Paller, SANS director of research.

The unpatched vulnerabilities identified by the report include risks in iTunes and RealPlayer, Internet Explorer, BrightStor, Oracle and Firefox.

An increase of 11 per cent in the number of new vulnerabilities discovered since the last quarter represents a very significant trend, says Gerhard Eschelbeck, chief of technology at Qualys, a commercial security threat monitor.

‘With up-to-date information, security professionals can immediately address new vulnerabilities, such as the ones recently discovered in popular desktop applications,’ he said.

Other contributors to the report include international government IT threat monitors such as the US Computer Emergency Response Team (US-CERT), the British Government’s National Infrastructure Security Co-Ordination Centre (NISCC) , and Canada’s Cyber Incident Response Centre to help it compile its quarterly bulletin.

IT administrators need to keep right up to date, says Roger Cumming, director of NISCC.

‘To protect their systems from emerging vulnerabilities. SANS has done its usual excellent job in listing the highlights and security professionals should waste no time installing vendor patches,’ he said.