Java Hits Another Roadblock - Found To Be A Threat For Browsers
Java has been the most talked-about application of the past couple of months, not because of its functionality but because it keeps being attacked and exploited. Oracle has released emergency security patches to deal with the vulnerabilities in Java, but to no avail. Java has been attacked over and over again by free-rollers and experts alike using various tactics.
According to a report, about 100 million PCs are vulnerable to various attacks leading to unauthorized access through Java's unstable software. As if things weren't bad enough for the software already, the Department of Homeland Security issued a warning to all PC users to disable Java on their systems.
Experts at Websense decided to do a little research on the topic and came up with a list of Java vulnerabilities, the versions affected, and so on.
According to Websense:
It is probably no surprise that the largest single exploited vulnerability is the most recent one, with a vulnerable population of browsers at 93.77%. That's what the bad guys do — examine your security controls and find the easiest way to bypass them. Grabbing a copy of the latest version of Cool and using a pre-packaged exploit is a pretty low bar to go after such a large population of vulnerable browsers.
Most browsers are vulnerable to a much broader array of well-known Java holes, with over 75% using versions that are at least six months old, nearly two-thirds being more than a year out of date, and more than 50% of browsers are greater than two years behind the times with respect to Java vulnerabilities. And don't forget that if you're not on version 7 (which is 78.86% of you), Oracle won't be sending you any more updates even if new vulnerabilities are uncovered.
About the Author:
This article was written by Dr. Sindhia Javed Junejo. She is one of the core members of the RHA team.