Most Users Still at Risk to Attacks that Exploit Java Vulnerability
A browsing services provider Trusteer has discovered that more than a week after the release of a critical Java security patch, more than 68% of netizens are still vulnerable to attacks that exploit these flaws. This is a serious matter as 73% of netizens use Java.
Oracle released that only 7% of Java users installed the update, according to the news, the critical patch update included 29 new security fixes across Java SE and Java for business products to protect against malicious software like, the Zeus Trojan that exploit flaws in Java's unpatched versions.
Commenting on the issue, Mickey Boodaei, Chief Executive Officer at Trusteer highlighted that from the security threat perspective Java is quite similar to Flash and is an omnipresent technology virtually installed on every system across the globe, which makes it a perfect medium for circulating malware," as reported by WEB HOST INDUSTRY REVIEW on October 25, 2010.
This situation is quite distressing as most of the Java users on the Internet are vulnerable to a huge and increasing number of Java exploits.
Mickey further added that using flaws in these applications is really efficient as it allows cybercrooks to attack around over two thirds of netizens. According to Mickey, Oracle is experiencing some serious security challenges and one of its major obstacles is its software update mechanism. On some grounds, it is not efficient enough in circulating security patches to the field.
The Java vulnerability, posted to the 'Full Disclosure mailing list', seems to have been raised by Russian hackers, who have utilized these methods to redirect netizens to a malicious server. According to security researchers at Trusteer, cybercrooks are now regularly observing bug disclosure lists and then activating their resources instantly to create a new zero day flaws.
Mickey elaborated that the increase in Java vulnerabilities indicated towards the sign of continuing. The fact that the time between a vulnerability being found and then being exploited by criminals is decreasing is a serious issue. And with such a less number of netizens updating their computers, most of the users' systems are quite prone to this new kind of attack vector, as reported by HELP NET SECURITY on October 25, 2010.
» SPAMfighter News - 02-11-2010