Security experts report millions of computers are still at risk of being compromised due to Java vulnerabilities, despite Oracle having released multiple emergency patches in recent months.
Approximately 100 million computers around the world are reported to be vulnerable to unauthorised access via different flaws in Java software, and the USA’s Department of Homeland Security has already warned users to disable Java permanently to stop hackers from taking control of machines.
Even with the recent patches from Oracle, security experts at Websense have advised that “the best defense we have right now for these kinds of attacks is to disable Java in the browser forever”.
The Websense security experts further elaborated that most web browser installations use outdated versions of the Java plug-in that are “vulnerable to at least one of several exploits used in popular web attack toolkit”.
Using their “Threat Intelligence Network”, Websense discovered only 5.5 per cent of Java-enabled browsers have the most up-to-date versions of the software.
“It is probably no surprise that the largest single exploited vulnerability is the most recent one, with a vulnerable population of browsers at 93.77%,” said Websense on their blog.
“Most browsers are vulnerable to a much broader array of well-known Java holes, with over 75% using versions that are at least six months old, nearly two-thirds being more than a year out of date, and more than 50% of browsers are greater than two years behind the times with respect to Java vulnerabilities.”