According to Oracle, due to the threat posed by a successful attack, the company strongly recommends that customers apply Critical Patch Update (CPU) fixes as soon as possible. This Critical Patch Update contains 29 new security fixes across Java SE and Java for Business products.
One week after it was released by Oracle, only 7 per cent of Java users have installed the latest update. This is worrying because the majority of Java users on the Internet are vulnerable to a large and growing number of Java exploits in the wild. According to Microsoft, the vulnerabilities covered by the critical patch provide ‘...an unprecedented wave of Java exploitation...’ Trusteer believes it is the single most exploitable vulnerability on the web today.
“The spike in Java exploits shows every sign of continuing. Just 120 hours after a Google researcher published details of an unpatched Java exploit late last week, hackers had reportedly already started exploiting the vulnerability. The fact that the time between an exploit being discovered and then being used by hackers in the real world is shortening is of great concern. And with so few users updating their systems, this means that a majority of users' computers are wide open to this new type of attack vector,” he explained.