Because of the threat posed by a successful attack, Oracle strongly recommends that customers apply Critical Patch Update (CPU) fixes as soon as possible. This Critical Patch Update contains 29 new security fixes across Java SE and Java for Business products.
One week after it was released by Oracle, only 7 per cent of Java users have installed the latest update. This is worrying because the majority of Java users on the Internet are vulnerable to a large and growing number of Java exploits in the wild. According to Microsoft, the vulnerabilities covered by the critical patch provide ‘...an unprecedented wave of Java exploitation...’ Trusteer believes it is the single most exploitable vulnerability on the web today.
“The spike in Java exploits shows every sign of continuing. Just 120 hours after a Google researcher published details of an unpatched Java exploit late last week, hackers had reportedly already started exploiting the vulnerability. The fact that the time between an exploit being discovered and then being used by hackers in the real world is shortening is of great concern. And with so few users updating their systems, this means that a majority of users' computers are wide open to this new type of attack vector,” he explained.