If you’re using a PC, you may want to make sure your Java is up to date. Yesterday, Holly Stewart, of the Microsoft Malware Protection Center, highlighted the “unprecedented” number of Java exploits that have occurred in 2010. In her blog post, Stewart said the Java attacks have spiked from under 300,000 at the beginning of the year to well over 6 million, and growing. The main problems: Java is used ever more frequently, threats are hard to detect, and users aren’t upgrading to fix security holes.
“Java is ubiquitous, and, as was once true with browsers and document readers like Adobe Acrobat, people don’t think to update it,” writes Stewart. “On top of that, Java is a technology that runs in the background to make more visible components work. How do you know if you have Java installed or if it’s running?”
The majority of exploits center around three particular vulnerabilities, all of which have fixes available for download. But is the company doing enough to stop these threats? Brian Krebs, a security reporter, thinks Sun, and parent company Oracle, have been given a free pass.
“Adobe has taken some lumps over the past year for the number of critical vulnerabilities that hackers have found and exploited in its software,” said Krebs on his blog last week. “But for some reason, Java seems to get a pass from the tech and security press, even though Java flaws consistently are found to be the most useful for attackers who wield these automated exploit kits.”
Krebs also points out that Java’s updater only checks for updates once every two weeks, and often fails to detect if a new version is available.
On October 12, Oracle released a massive patch that fixes 29 bugs and security holes in Java. That patch can be downloaded here.
- It took them 15 years to hack a master key for 40,000 hotels. But they did it
- AMD is working on fixes for the reported Ryzenfall, MasterKey vulnerabilities
- Patch your Windows 10 PC, now! Hackers are exploiting a zero-day flaw
- From pranks to nuclear sabotage, this is the history of malware
- New Spectre-like bug could mean more performance-degrading patches