68 Percent of Web Users Yet to Patch Major Java Security Flaw

by admin on October 25, 2010

More than a week after Oracle released a critical security patch for Java, over 68 percent of Internet users are still at risk of attacks that exploit the vulnerabilities it fixes, according to safe browsing service provider Trusteer (www.trusteer.com).

According to Trusteer's announcement on Monday, this may be the largest security hole on the Internet today, with almost three quarters of the computers connected to the Internet using Java. Trusteer's Safe Browsing service has warned 14 million users to apply the Java patch immediately. For now, Trusteer is protecting subscribers.

A week after its release by Oracle, the update had been installed by only seven percent of Java users. The critical patch update contains 29 security fixes across the Java SE and Java for the Enterprise products to protect against malware such as the Zeus Trojan, which exploits vulnerabilities in unpatched versions of Java.

“From a security threat standpoint, Java is very similar to Flash, since it is a ubiquitous technology installed on virtually every computer in the world, making it a definitive platform for distributing malware,” said Mickey Boodaei, Trusteer executive director. “Using the vulnerabilities of these applications is very efficient because it allows criminals to target more than two thirds of Internet users. Oracle faces some major security problems and one of its biggest obstacles is the mechanism for updating software. For some reason, it is not effective enough in the distribution of security patches on the ground. Adobe experienced the same problem last year and since then, Flash has been the subject of many attacks. To date, Adobe has not managed to overcome the problem, although they are trying and have plans to introduce more safety features in future versions.”

The Java exploit, sent to the Full Disclosure mailing list last week, seems to have been picked up by Russian hackers, who have used these techniques to redirect Internet users to a malware server. Given the time that would probably have been needed to organize such a multi-level attack, Trusteer investigators believe the hackers read bug-tracking reports on a regular basis and then mobilize resources rapidly to create new zero-day exploits.

“The rise in Java exploits shows every sign of continuing,” said Boodaei. “Just 120 hours after a Google researcher published details of an unpatched Java exploit last week, hackers had reportedly begun to exploit the vulnerability. The fact that the time between an exploit being discovered and then being used by hackers in the real world is shortening is of great concern. With so few users updating their systems, this means that most computers are very open to this new type of attack vector.”

Earlier this month, Trusteer discovered a new version of the relatively unknown financial malware known as “Bugat.” The company said it could be an attempt by criminals to diversify their methods of attack using a less popular platform than the Zeus Trojan.
