The Scope Of The Java Problem

  /     /     /  
Publicated : 22/11/2024   Category : security


The Scope Of The Java Problem


New Websense data highlights why Java is attackers favorite target: most end users run outdated versions of the app



Nearly 95 percent of endpoints actively running Java are vulnerable to at least a single Java exploit, according to new data from Websense.
The security firm decided to measure the actual state of Java vulnerability when it comes to users and their Java versions, and the numbers werent pretty: 75 percent of end users run a version of Java in their browser thats at least six months out of date; two-thirds, a year out of date; and 50 percent, more than two years out of date. And nearly one-fourth of users employ a Java version that is more than four years old.
It is probably no surprise that the largest single exploited vulnerability is the most recent one, with a vulnerable population of browsers at 93.77%. Thats what the bad guys do — examine your security controls and find the easiest way to bypass them, according to a Websense blog post yesterday with the new data. Grabbing a copy of the latest version of Cool and using a pre-packaged exploit is a pretty low bar to go after such a large population of vulnerable browsers.
Then there are the earlier versions of Java, prior to Version 7: some 79 percent of end users are still running that iteration of the app. The really bad news here is that the latest update to Java Development Kit 6, update 43, is
the last one Oracle plans to release for that version of JDK
. The software firm recommends that users move to JDK 7. This means that more than 77 percent of users (based on requests from our research) are currently using Java version that are essentially [end of life] and will not be updated, patched or supported by Oracle, according to Websense.
The security firm got the real-time data on tens of millions of endpoints worldwide from its ThreatSeeker network. It found that only five percent of users are running the newest version of the Java Runtime Environment, 1.7.17.
(click image for larger view)
A look at the versions of Java Runtime Environment, based on active browser usage.
Source: Websense
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News

▸ Travel agency fined £150,000 for breaking Data Protection Act. ◂
Discovered: 23/12/2024
Category: security

▸ 7 arrested, 3 more charged in StubHub cyber fraud ring. ◂
Discovered: 23/12/2024
Category: security

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
The Scope Of The Java Problem