How Safe is YOUR Java?

2010 Sees ‘unprecedented wave of Java exploitation.’

Jessica Thornsby

Microsoft Malware Protection Centre identifies a wave of Java exploitation.

Holly Stewart, a member of the Microsoft Malware Protection
Centre, has published a report claiming this year has seen “an
unprecedented wave of Java exploitation.” By the beginning of 2010,
the number of attacks on vulnerabilities within Java code had “well
surpassed” the total number of Adobe-related exploits monitored by
the Centre.

She found a spike in the third quarter of 2010, which mainly
revolved around three vulnerabilities (CVE-2008-5353,
CVE-2009-3867 and CVE-2010-0094). Patches are available for all
three of these vulnerabilities. In Stewart’s opinion, this wave of
attacks has been a long time coming, as the number of
vulnerabilities in Java has been “increasing dramatically” since
2008. She cites figures which show the vulnerabilities in Java
leaping a whopping 264% from 2007 to 2008.

But, if patches for the three vulnerabilities primarily
responsible for the 2010 spike are available, then why is Java
still the focus of so many attacks? According to Holly Stewart,
it’s the nature of the technology and our attitude to it that’s at
fault. Java runs in the background, and so users are less likely to
monitor and update it. If you’re concerned you might be running an
outdated or unpatched version of Java, then it might be time to
get familiar with Oracle’s Critical Patch Updates and Security
