ID :IRCNE2012041474
Date: 2012-04-21
Java exploits have been generally very reliable for attackers due to a low patch rate, Jason Jones, advanced security intelligence engineer at HP DVLabs told InternetNews.com. For example, one recent exploit took advantage of a Java vulnerability for which a patch was available at the end of 2011 -- yet the Blackhole exploit toolkit included the exploit in its toolkit even after the patch was made available.
Jones noted that the Java vulnerabilities tend to have approximately an 80 percent success rate for infection. In contrast, with other technologies, the older vulnerability success rate is only approximately 13 percent.
Java is at the root of the recent Apple Mac OS X Flashback malware and has also been identified by multiple vendors as being the most vulnerable browser plug-in.
Overall, according to HP's new Top Cyber Security Risks Report for 2011, there was a 19.5 percent decrease in the number of new publicly reported vulnerabilities over the course of last year.
But don't start celebrating just yet, because attack volume still continues to increase. Attack data from HP TippingPoint shows approximately 475 million attacks in 2010 vs. 531 million in 2011 -- an 11 percent increase.
- 2