
Most vulnerable browser plugin? Think Java, not Flash


Adobe’s Flash media plug-in for Web browsers doesn’t exactly have a stellar security record, requiring several urgent security updates to squelch zero-day exploits. However, computer security experts are now calling attention to Java, noting that many Internet users are running browsers with outdated Java implementations that contain serious security holes of their own. In a session at this year’s RSA Conference in San Francisco, Qualys CEO Wolfgang Kandek unveiled data showing that, of over 200,000 browsers that visited his company’s BrowserCheck security service between July 2010 and January 2011, some 42 percent were running out-of-date Java plug-ins with known vulnerabilities. The share of browsers running out-of-date Flash plug-ins stood at 24 percent. In between came Adobe Reader at 32 percent, followed by Apple QuickTime at 25 percent.

The figures come just as Oracle has released an update to Java that patches some 21 vulnerabilities, 8 of which are considered extremely critical and some 19 of which could be exploited over a network without valid login credentials. Oracle also issued multiple updates to Java throughout 2010 to address vulnerabilities.

Qualys isn’t the only company to single out Java as a key vulnerability in many users’ systems: in December, networking giant Cisco noted (PDF) that attacks on Java exceeded attacks against Adobe Reader and Acrobat during 2010, with Java exploited some 3.5 times more frequently than malicious PDFs.

Qualys’s browser check system has itself been criticized for requiring users to install a browser plug-in in order to conduct its security audit. Competing services, such as the one built into Mozilla browsers, operate using JavaScript.


Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…