Skip to main content

Most vulnerable browser plugin? Think Java, not Flash

Image used with permission by copyright holder

Adobe’s Flash media plug-in for Web browsers doesn’t exactly have a stellar security record, requiring several urgent security updates to squelch zero-day exploits. However, computer security experts are now calling attention to Java, noting that many Internet users are running browsers with outdated Java implementations that contain serious security holes of their own. In a session at this year’s RSA Conference in San Francisco, Qualys CEO Walfgang Kandek unveiled data that showed that of over 200,000 browsers that visited his company’s BrowserCheck security service between July 2010 and January 2011, some 42 percent were running out-of-date Java plug-ins with known vulnerabilities. The number of people running out of date Flash plug-ins stood at 24 percent. In between came Adobe Reader at 32 percent, followed by Apple QuickTime at 25 percent.

Recommended Videos

The figures come just as Oracle has released an update to Java which patches some 21 vulnerabilities, 8 of which are considered extremely critical and some 19 of which could be exploited over a networking without valid login credentials. Oracle also issued multiple updates to Java throughout 2010 to address vulnerabilities.

Qualys isn’t the only company to single out Java as a key vulnerability in many users’ systems: in December networking giant Cisco noted (PDF) attacks on Java exceeded attacks against Adobe Reader and Acrobat during 2010, with Java some 3.5 more frequently exploited than malicious PDFs.

Qualys’s browser check system has itself been criticized for requiring users to install a browser plug-in in order to conduct its security audit. Competing services—such as the one built into Mozilla browsers—operate using Javascript.

Geoff Duncan
Former Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
This compact HP Omen gaming PC is on sale at 39% off today
The HP Omen 16L gaming desktop sitting on a desk.

For those who want a proper gaming desktop but don't have enough space for a big and bulky machine, the HP Omen 16L could be what you need. You're in luck because it's on sale from the gaming PC deals of HP right now, with this configuration featuring the Nvidia GeForce RTX 3050 graphics card available at 39% off. You'll only have to pay $800 instead of its original price of $1,330, but you need to push through with your purchase immediately if you want to make sure you pocket the savings of $530.

Why you should buy the HP Omen 16L gaming PC

Read more
SpaceX’s Starlink rival is about to launch more internet satellites — here’s how to watch
Amazon's KA-01 mission for Project Kuiper gets underway from the Space Coast.

[UPDATE: A technical issue with the rocket has caused the launch to be postponed. We'll update this article with the new launch schedule just as soon as it becomes available.]

Amazon is preparing to launch its second batch of Project Kuiper internet satellites to orbit as it seeks to build out a constellation to take on SpaceX’s Starlink service.

Read more
Weird Mac mini issue prompts Apple to take action
A top-down view of the Mac Mini.

Following multiple reports of specific Mac mini computers failing to power on, Apple has launched a global repair program to sort the problem out.

Apple launched the  M2 Mac mini in January 2023, though the affected units were made between June 16 and November 23 of 2024, according to a notice about the repair program that was first spotted by MacRumors.

Read more