Despite the widespread and well-publicized exploitation of vulnerabilities in Java, large numbers of organizations continue to use versions that are weeks, months, or even years out of date, a Websense survey of its customers reports.
Most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits currently used in popular Web attack toolkits, according to statistics published by security vendor Websense.
Since the start of the year, hackers have been exploiting vulnerabilities in Java to carry out a string of attacks against companies including Microsoft, Apple, Facebook and Twitter, as well as home users. Oracle has made an effort to respond faster to the threats and to strengthen its Java software, but security experts say the attacks are unlikely to let up any time soon.
Java, Reader, and Flash are irresistible targets for hacking exploits. So what's it like living without the oh-so-vulnerable trio?
Research teams Wednesday cracked Microsoft's Internet Explorer 10 (IE10), Google's Chrome and Mozilla's Firefox at the Pwn2Own hacking contest, pulling in more than $250,000 in prizes.
Security researchers warn that cybercriminals have started using Java exploits signed with digital certificates to trick users into allowing the malicious code to run inside browsers.
This latest vulnerability report follows a week after the same company reported two other holes in Oracle's plug-in
Oracle released emergency patches for Java on Monday to address two critical vulnerabilities, one of which is actively being exploited by hackers in targeted attacks.
The attacks discovered last week that exploited a previously unknown Java vulnerability were likely launched by the same attackers that previously targeted security firm Bit9 and its customers, according to researchers from antivirus vendor Symantec.
A new exploit for a previously unknown and unpatched Java vulnerability is being actively used by attackers to infect computers with malware, according to researchers from security firm FireEye.