Users of Java-plugins still in big danger

Posted: March 27, 2013 in IT Security News
Tags: , , , , , , , , ,

Java DangerAccording to security vendor Websense, most browsers with installed Java-plugin vulnerable for at least one exploit-kit, used for a number of web-based attacks.

In Websense say they used their own analytical network that tracks billions of Web requests from several million end-user computers. Network is able to detect the version of Java, installed on the system, and the browser with which it works.

According to the latest telemetry, only 5.5% of users have the latest version of Java and the latest version of the browser in the system (Java 7 Update 17 or Java 6 Update 41), but even for these versions of Java in the network already sold exploit kits, allowing the use of remains open holes in the software.

According Websense, much of the exploit is in the set of Cool Exploit Kit, commonly used by hackers to attack like Drive-by and then infect computers with malware. Cool Exploit Kit is distributed by subscription price of $ 10 000 per month, which suggests that not many IT criminals are using it.

In Websence also found that 71% Java-enabled browsers are vulnerable to older attacks. At least four exploit-kit – RedKit, CritXPack, Gong Da and Blackhole 2.0 – allows you to attack the older holes in Java. In addition, 75% of browsers are Java-Plugins issued more than six months ago. And two-thirds of that number – more than a year ago.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s