Java Is Top Attack Target
Java Is Top Attack Target
Written by Andrew Johnson   
Monday, 05 November 2012

Kaspersky has just released its analysis of security threats in Q3 2012 and top of the list is Java. This isn't encouraging given the recent bad press the language system has received.

There seems to have been something of a backlash against Java in the past few months.  For example, not happy with just killing off Flash, Apple has now removed Java from its hardware. In addition many PC users were spooked into removing Java altogether, rather than just disabling its use in the browser.

Was all of this justified or is it some sort of conspiracy against Oracle via Java?



According to the latest findings from Kaspersky Labs, it does look as if the concerns have a basis in fact. It seems that Java played a role in 56% of attacks. The only thing that comes even close is Adobe Acrobat at 25%.

Kaspersky comments that the cross platform nature of Java makes it attractive to malware writers as well as to app developers. It also points out that the lack of an enforced Java update mechanism means that vulnerabilities tend to stay active for longer. With an estimated 1.1 billion Java installations, this seems all too reasonable.

Recently it seems that the sandboxing provided by the Hotspot VM has been compromised and this exploit not only turns up in targeted attacks but in exploit packs, allowing others to use the same entry points with little effort.

If Oracle wants to stem this tide of bad publicity it needs to reconsider the rate at which it generates patches and how it issues updates to the JRE.



It is also interesting to note that Windows and IE account for only 4% of vulnerabilities, which is possibly due to the enforced updates introduced in the last few years. Adobe Flash notched up an insignificant 3%. Could it be that malware writers have given up on it too?  Android root attacks also accounted for only 2%.

The rest of the report is also worth reading.

More Information

IT Threat Evolution: Q3 2012

Related Articles






or email your comment to:


To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.



Don't Neglect Open Source Security

In today's fast paced and competitive development environment, we are increasingly making use of open source components to avoid constantly recoding standard features. This introduces security concern [ ... ]

Official Discrimination In Britain's Computer Industry

A book which uses as its sources recently opened government files, personal interview and the archives of major British computer companies reveals a shocking insight into the gender gap that still exi [ ... ]

More News

Last Updated ( Monday, 05 November 2012 )

RSS feed of news items only
I Programmer News
Copyright © 2018 All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.