Microsoft: ‘Unprecedented Wave of Java Exploitation’ — Krebs on Security.
Microsoft is confirming a huge increase in attacks against Java vulnerabilities. Why is this important? Java is installed on the majority of the world’s desktop computers. In fact, the attack volume on Java dwarfs that of Adobe, which is saying something. Java may not be quite as ubiquitous as Adobe, but it’s close. For example, Java is required for Webex and GoToMeeting, the two most popular web meeting applications. To get an idea of the Java to Adobe proportion, see the graph below, courtesy of Microsoft via Krebs on Security.
According to Microsoft, the spike in the third quarter of 2010 is primarily driven by attacks on three Java vulnerabilities that have already been patched for some time now. Even so, attacks against these flaws have “gone from hundreds of thousands per quarter to millions.
Krebs claims the reason for this spike is the inclusion of Java exploits in the commercial crimeware kits sold in the hacker underground.
Java surely falls into that set of PC applications which must be kept up-to-date.