• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • January 24th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Security

WEBSENSE: Most of Java Enabled Browsers are Vulnerable to Java Exploits Which Have Been Spreading on a Vast Scale

March 27th, 2013 Waqas Security 0 comments
WEBSENSE: Most of Java Enabled Browsers are Vulnerable to Java Exploits Which Have Been Spreading on a Vast Scale
Share on FacebookShare on Twitter

MAJORITY OF THE JAVA ENABLED BROWSERS ARE ASSAILABLE TO JAVA EXPLOITS WHICH HAVE BEEN SPREAD ON A VAST SCALE: SAYS WEBSENSE

java-dangerMajority of the browser installations that are being used have out-of-date versions of java plug in and are very much vulnerable to the exploits’ tools that have been spread on a large scale. This is according to a report that has been published on Monday by Websense. 

To monitor the requests originating from millions and millions of computer systems that have been protected by different products of this company, it has run its threat detection and intelligence network which will detect the different java versions that are being used in these computer systems and are also available on the web browsers. Email and web gateway products for the security of business operations are being provided by Websense and they have also entered into partnership with the Facebook authorities so that they can ploy a check on the clicks that users make on social networks for threatening content.

The telemetry data which is gathered by the company reveals that only around 5.5 percent of the browsers that are java enabled have updated versions of software’s browser plug in i.e. Java 6 Update 43 (6u43) and Java 7 Update 17 (7u17). These versions were released back in the month of March to deal with the exploits and the vulnerability issue.

As per Websense, a cool exploit kit already contains the exploits which is used by cybercriminals for the purpose of launching mass drive through downloading attacks that poisons computer systems with malware when one visits compromised websites. The kit requires a subscription fee of around 10,000 US dollars which means that it is not within the range of many of the cybercriminals. Websense’s data has also revealed that many browsers installations that are Java enabled are vulnerable through different exploit kits that are cheap to subscribe to.

The company showed that around 75 percent browser installations that are java enabled are vulnerable or can be exploited with the use of four different exploit kits that are not only cheap but are also available on a wide scale. Balckhole 2, redKit, Gong DA and CritXpacks are the name of those kits and they target a vulnerability which is known as Java 7 Update 17 (7u17).  The company also went on to show that 75 percent of such browser installations are using Java versions which are about 6 months old and about two third of the systems (java enabled) are using versions that are more than one year old.

Users are not banking on the java 7 update 11 which has been released by Oracle and which prevents java applets to enter inside the browser without a confirmation check by default.

The data which has been investigated by Websense also reveals that the vulnerabilities which are already very much known to the masses at large (zero day attacks) are not be given much of an attention.

Security experts have advised in the recent past that oracle should devise a way to improve on the rate of adoption for Java updates. They say that it can possibly be done via offering options such as automatic and silent updates as has been done by Google and similarly by Adobe in flash player, Adobe Reader and Chrome. Silent updates of software are not a popular ploy in the corporate worlds where patches are to be inspected for stability and compatibility issues before they are incorporated into the systems.  However if such updates are implemented in consumer space, they can shorten the fragmentation that occurs in Java versions.

[Via: Websense]

Follow @HackRead

  • Tags
  • Endpoint Protection
  • Java Exploits
  • Java Programming
  • Java Vulnerability
  • Malware
  • Patch Management
  • SECURITY NEWS
  • Vulnerability Assessment
  • Vulnerability News
  • WEBSENSE
Facebook Twitter LinkedIn Pinterest
Previous article Website of South Sudan Embassy in Norway Hacked & Defaced by Ymh
Next article #OpIsrael: 33 Israeli Websites Hacked by The Ajan Turkish Hacker
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
SonicWall hacked after 0-day flaws exploited by hackers

SonicWall hacked after 0-day flaws exploited by hackers

Gamarue malware found in UK Govt-funded laptops for homeschoolers

Gamarue malware found in UK Govt-funded laptops for homeschoolers

Shazam Vulnerability exposed location of Android, iOS users

Shazam Vulnerability exposed location of Android, iOS users

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
SonicWall hacked after 0-day flaws exploited by hackers
Hacking News

SonicWall hacked after 0-day flaws exploited by hackers

56
Massive privacy risk as hacker sold 2 million MyFreeCams user records
Cyber Crime

Massive privacy risk as hacker sold 2 million MyFreeCams user records

112
Gamarue malware found in UK Govt-funded laptops for homeschoolers
Security

Gamarue malware found in UK Govt-funded laptops for homeschoolers

545

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us