Oracle has released emergency patches for Java multiple times in recent months, for one set of vulnerabilities after another. About 100 million computers are reported to be vulnerable to unauthorized access via different flaws in Java software. The Department of Homeland Security's US-CERT has already warned users to disable Java permanently to stop hackers from taking control of their machines.

Most browser installations use outdated versions of the Java plug-in that are vulnerable to at least one of several exploits used in popular web attack toolkits. Exploit kits are a very common tool for distributing many Java-based threats.

Java Vulnerability: CVE-2013-1493
Vulnerable Versions: 1.7.15 & 1.6.41
Vulnerable: 93.88%
Exploit Kits With Live Exploits: Cool

Java Vulnerability: CVE-2013-0431
Vulnerable Versions: 1.7.11 & 1.6.38
Vulnerable: 84.89%
Exploit Kits With Live Exploits: Cool

Java Vulnerability: CVE-2012-5076
Vulnerable Versions: 1.7.07 & 1.6.35
Vulnerable: 74.06%
Exploit Kits With Live Exploits: Cool, Gong Da, & MiniDuke

Java Vulnerability: CVE-2012-4681
Vulnerable Versions: 1.7.06 & 1.6.34
Vulnerable: 70.01%
Exploit Kits With Live Exploits: Blackhole 2.0, Redkit, CritXPack, & Gong Da

***All Prior JRE Versions Below Those Listed Are Also Vulnerable.
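
The version rule in the list above can be turned into an inventory check. This is an added example, not code from the original post or from Websense. It assumes the post's "1.7.15" notation means Java 7 update 15, which `java -version` prints as `1.7.0_15`; the host names and banners are constructed.

```python
import re

# CVE -> highest affected update per JRE family, copied from the list above.
# Assumption: "1.7.15" in the post is Java 7 update 15 (banner "1.7.0_15").
AFFECTED = {
    "CVE-2013-1493": {7: 15, 6: 41},
    "CVE-2013-0431": {7: 11, 6: 38},
    "CVE-2012-5076": {7: 7, 6: 35},
    "CVE-2012-4681": {7: 6, 6: 34},
}

# Matches 1.<family>.0 with an optional _<update> suffix, e.g. 1.7.0_15.
VERSION_RE = re.compile(r"\b1\.(\d+)\.0(?:_(\d+))?")


def parse_jre(banner):
    """Return (family, update) from a `java -version` banner, or None."""
    m = VERSION_RE.search(banner)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2) or 0)


def exposed_cves(banner):
    """Listed CVEs that apply to this JRE, or None if it cannot be judged.

    An empty list only means none of the four listed CVEs match; it does
    not mean the JRE is free of other flaws.
    """
    parsed = parse_jre(banner)
    if parsed is None or parsed[0] not in (6, 7):
        return None  # unparseable, or a family the list does not cover
    family, update = parsed
    # "All prior versions below those listed are also vulnerable."
    return sorted(c for c, top in AFFECTED.items() if update <= top[family])


# Constructed inventory: host name -> first line of `java -version`.
SAMPLE = {
    "host-a": 'java version "1.7.0_06"',
    "host-b": 'java version "1.7.0_11"',
    "host-c": 'java version "1.6.0_41"',
    "host-d": 'java version "1.7.0_17"',
}

if __name__ == "__main__":
    for host, banner in SAMPLE.items():
        print(host, exposed_cves(banner))
```
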
Websense showed that only 5.5% of Java-enabled browsers have the most up-to-date versions of the software. Most browsers are vulnerable to a much broader array of well-known Java holes, with over 75% using versions that are at least six months old. None of this means that Java is an insecure language or platform, or that web sites built on Java EE are any less secure than those on other platforms.