Java Is Top Attack Target
Written by Andrew Johnson   
Monday, 05 November 2012

Kaspersky has just released its analysis of security threats in Q3 2012 and top of the list is Java. This isn't encouraging given the recent bad press the language system has received.

There seems to have been something of a backlash against Java in the past few months.  For example, not happy with just killing off Flash, Apple has now removed Java from its hardware. In addition many PC users were spooked into removing Java altogether, rather than just disabling its use in the browser.

Was all of this justified or is it some sort of conspiracy against Oracle via Java?

 

kasperskyjava

According to the latest findings from Kaspersky Labs, it does look as if the concerns have a basis in fact. It seems that Java played a role in 56% of attacks. The only thing that comes even close is Adobe Acrobat at 25%.

Kaspersky comments that the cross platform nature of Java makes it attractive to malware writers as well as to app developers. It also points out that the lack of an enforced Java update mechanism means that vulnerabilities tend to stay active for longer. With an estimated 1.1 billion Java installations, this seems all too reasonable.

Recently it seems that the sandboxing provided by the Hotspot VM has been compromised and this exploit not only turns up in targeted attacks but in exploit packs, allowing others to use the same entry points with little effort.

If Oracle wants to stem this tide of bad publicity it needs to reconsider the rate at which it generates patches and how it issues updates to the JRE.

 

 

It is also interesting to note that Windows and IE account for only 4% of vulnerabilities, which is possibly due to the enforced updates introduced in the last few years. Adobe Flash notched up an insignificant 3%. Could it be that malware writers have given up on it too?  Android root attacks also accounted for only 2%.

The rest of the report is also worth reading.

More Information

IT Threat Evolution: Q3 2012

Related Articles

 

blog comments powered by Disqus

 

To be informed about new articles on I Programmer, install the I Programmer Toolbar, subscribe to the RSS feed, follow us on, Twitter, Facebook, Google+ or Linkedin,  or sign up for our weekly newsletter.

 

Banner


Mozilla Wants To Recommend The Best Tools
17/04/2014

Mozilla is putting together a core set of tools and recommendations that it considers the most useful for making Web apps and is asking for input from the developer community.



LiquidFun Is Fun!
19/04/2014

Forget simple 2D physics. Why not add some fluid excitement to your game? LiquidFun is an easy to use physics simulator that includes fluid and soft body simulation. 


More News

Last Updated ( Monday, 05 November 2012 )
 
 

   
RSS feed of news items only
I Programmer News
Copyright © 2014 i-programmer.info. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.