The Hacker News
Oracle has released emergency patches for Java multiple times in recent months, for one set of vulnerabilities after another. About 100 million computers are reported to be vulnerable to unauthorized access via different flaws in Java software. The Department of Homeland Security's US-CERT has already warned users to disable Java permanently to stop hackers from taking control of users' machines.


Security experts advised, 'The best defense we have right now for these kinds of attacks is to disable Java in the browser forever'. According to Websense experts, most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits used in popular web attack toolkits. Exploit kits are a very common tool for distributing many Java-based threats.

To detect the vulnerable Java versions installed on systems, Websense experts used their 'threat intelligence network', which monitors billions of web requests originating from tens of millions of systems.

Websense showed that only 5.5% of Java-enabled browsers have the most up-to-date versions of the software. "It is probably no surprise that the largest single exploited vulnerability is the most recent one, with a vulnerable population of browsers at 93.77%," Charles posted on the Websense blog.

"Most browsers are vulnerable to a much broader array of well-known Java holes, with over 75% using versions that are at least six months old, nearly two-thirds being more than a year out of date, and more than 50% of browsers are greater than two years behind the times with respect to Java vulnerabilities."

None of this means that Java is an insecure language or platform, or that websites built on Java EE are any less secure than those on other platforms. Unfortunately, perception often beats reality, and Java is getting a big black eye from this one.
