Most users still vulnerable to attacks that exploit Java flaw
Posted on 25 October 2010.
More than a week after Oracle released a critical patch for Java, more than 68 percent of Internet users are still vulnerable to attacks that exploit these vulnerabilities, according to Trusteer. This is a huge issue, since 73 percent of Internet users use Java.

According to Oracle, due to the threat posed by a successful attack, it strongly recommends that customers apply CPU fixes as soon as possible. This Critical Patch Update contains 29 new security fixes across Java SE and Java for Business products.

One week after Oracle released the update, only 7 percent of Java users have installed it. This is worrying because the majority of Java users on the Internet are vulnerable to a large and growing number of Java exploits in the wild. According to Microsoft, the vulnerabilities covered by the critical patch are behind an ‘unprecedented wave of Java exploitation...’ Trusteer believes it is the single most exploitable vulnerability on the web today.

“The spike in Java exploits shows every sign of continuing. Just 120 hours after a Google researcher published details of an unpatched Java exploit late last week, hackers had reportedly already started exploiting the vulnerability. The fact that the time between an exploit being discovered and then being used by hackers in the real world is shortening is of great concern. And with so few users updating their systems, this means that a majority of users' computers are wide open to this new type of attack vector,” he explained.

